Potential stack overflow in Wget backup filename construction

Wget's HTML conversion path builds a backup filename on the stack in write_backup_file() using alloca() and then copies the original path plus a suffix with strcpy(). The allocation size is derived from strlen(file), but the code then writes either the original string plus '.orig' or rewrites the tail of an .html filename in place. This is a classic length-miscalculation / stack-buffer-overflow pattern in a post-download conversion path that can be reached from user-controlled URLs and local filenames.