Stack overflow in HTTP Basic auth encoding confirmed by unbounded sprintf

wget's HTTP Basic auth helper selects either a 256-byte stack buffer or a heap buffer for '[REDACTED]', but then always formats the string with sprintf() into the chosen destination. That makes the stack path overflow when credentials exceed the stack buffer size.