We convert a string like "W32:vendor/device" into "I:vendor;I:device",
where the output is longer than the input, but only allocate space equal
to the length of the input, leading to a buffer overflow.
Instead, write to a large temporary on-stack buffer that we then strdup,
and use snprintf rather than the wildly-unsafe combination of sprintf,
strcpy and raw character writes, exiting if we ever run out of space.
Found by: CHERI
Obtained from: CheriBSD