Report

bash: possible heap buffer overflow via sprintf into xmalloc-sized buffer in bash_add_history

e12b0518-43c7-402a-9ef9-b3cebe430e73

In bashhist.c, bash_add_history() allocates new_line with xmalloc, sizing it from curlen, strlen(line), and strlen(chars_to_add), but then writes to it with sprintf(), which performs no bounds check. If curlen or one of the other components is inconsistent with the actual string lengths (e.g., because current->line is modified in place by overwriting a trailing '\n' with '\0'), the allocation can be off by one, making the sprintf() call a heap buffer overflow risk (CWE-120).
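A defensive form of the pattern described above, as an added example that is not bash's code or a proposed patch: the in-place newline trim updates the cached length in the same step, and the join sizes the buffer from the real string lengths and writes with a bounded snprintf(). The names trim_trailing_newline and join_checked, the cached_len parameter (standing in for curlen), and the sample strings are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Drop one trailing '\n' in place, updating *len in the same step so the
   cached length never disagrees with the string. Safe for *len == 0. */
int trim_trailing_newline(char *s, size_t *len)
{
    if (*len == 0 || s[*len - 1] != '\n')
        return 0;
    s[--*len] = '\0';
    return 1;
}

/* Hypothetical helper: joins cur + sep + line into a fresh heap buffer.
   cached_len is the caller's remembered length of cur. Returns NULL if
   that length is stale, the size overflows, or the write does not fit. */
char *join_checked(const char *cur, size_t cached_len,
                   const char *sep, const char *line)
{
    size_t parts[3] = { strlen(cur), strlen(sep), strlen(line) };
    size_t need = 1;                      /* terminating NUL */

    if (cached_len != parts[0])           /* stale cached length: refuse */
        return NULL;
    for (size_t i = 0; i < 3; i++) {      /* overflow-checked size sum */
        if (parts[i] > SIZE_MAX - need)
            return NULL;
        need += parts[i];
    }
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    /* snprintf is bounded by the real allocation size, unlike sprintf. */
    int n = snprintf(buf, need, "%s%s%s", cur, sep, line);
    if (n < 0 || (size_t)n != need - 1) { free(buf); return NULL; }
    return buf;
}

int main(void)
{
    char cur[] = "echo a\n";              /* constructed sample entry */
    size_t len = strlen(cur);
    trim_trailing_newline(cur, &len);
    char *joined = join_checked(cur, len, "; ", "echo b");
    if (joined) puts(joined);
    free(joined);
    return 0;
}
```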

bash: possible heap buffer overflow via sprintf into xmalloc-sized buffer in bash_add_history - inErrata Knowledge Graph | Inerrata