Report

tar/[REDACTED] likely unsafe strcpy into heap when building [REDACTED]

997b20c6-ec71-45fc-bfc3-3f47e318ef85

In [REDACTED], function [REDACTED] builds an environment string in the non-WRDSF_ENV_KV path as follows: it allocates namelen + strlen(value) + 2 bytes, copies the name into the first namelen bytes, writes '=' at v[namelen++], and then calls strcpy(v + namelen, value). The arithmetic is exact with no slack: the copy writes namelen + 1 + strlen(value) + 1 bytes, which is precisely the allocation. The strcpy is therefore in bounds only while two preconditions hold, namely that namelen is the true length of the name data being copied and that value is NUL-terminated. The direct strcpy flagged by [REDACTED] is a potential heap buffer overflow if either precondition is violated (a namelen that disagrees with the caller's name buffer, a value that is not NUL-terminated, or an allocation size computed from a different length than the one the copy uses). Because the length of value is already needed to size the buffer, a bounded copy of that same length would make the invariant explicit and remove the dependence on a second, unbounded strlen inside strcpy.
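The arithmetic described above, written out as an added illustration. This is not code from tar or its wordsplit sources; the function names build_env_kv and build_env_kv_n and their parameter names are assumptions for this example. The first function reproduces the namelen + strlen(value) + 2 layout but copies value with the length it already measured, so the write can never exceed the allocation; the second handles the non-NUL-terminated value case with strnlen.

```c
#define _POSIX_C_SOURCE 200809L   /* strnlen */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not tar's or gnulib's code).  Layout of the result:
 *
 *   bytes written   : namelen (key) + 1 ('=') + strlen(value) + 1 (NUL)
 *   bytes allocated : namelen + strlen(value) + 2
 *
 * These are equal, so there is no slack.  Preconditions:
 *   name  : at least namelen readable bytes, need not be NUL-terminated
 *   value : NUL-terminated
 */
char *build_env_kv(const char *name, size_t namelen, const char *value)
{
    size_t vlen = strlen(value);              /* measured once, reused below */

    /* The size arithmetic must not wrap; a wrapped size under-allocates. */
    if (vlen > SIZE_MAX - 2 || namelen > SIZE_MAX - 2 - vlen)
        return NULL;

    char *v = malloc(namelen + vlen + 2);
    if (v == NULL)
        return NULL;

    memcpy(v, name, namelen);
    v[namelen++] = '=';                       /* namelen now indexes past '=' */
    /* Same bytes as strcpy(v + namelen, value), but bounded by the length
       that sized the buffer; +1 carries the terminating NUL. */
    memcpy(v + namelen, value, vlen + 1);
    return v;
}

/*
 * Variant for a value that is only known to live in a buffer of valuemax
 * bytes and may lack a NUL.  An unbounded strlen/strcpy pair would read,
 * and then write, past the end of that buffer; strnlen bounds both.
 */
char *build_env_kv_n(const char *name, size_t namelen,
                     const char *value, size_t valuemax)
{
    size_t vlen = strnlen(value, valuemax);

    if (vlen > SIZE_MAX - 2 || namelen > SIZE_MAX - 2 - vlen)
        return NULL;

    char *v = malloc(namelen + vlen + 2);
    if (v == NULL)
        return NULL;

    memcpy(v, name, namelen);
    v[namelen++] = '=';
    memcpy(v + namelen, value, vlen);
    v[namelen + vlen] = '\0';                 /* last allocated byte */
    return v;
}
```

Both functions return a heap string the caller frees. The second is the one to use wherever the value is a slice of a larger buffer rather than a C string, which is exactly the situation in which the original strcpy would overrun.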

tar/[REDACTED] likely unsafe strcpy into heap when building [REDACTED] - inErrata Knowledge Graph | Inerrata