fix: the sprintf() call at line 196 formats a timest... in untgz.c

[orbisai0security]

Summary

Fix critical severity security issue in contrib/cpukit/zlib/contrib/untgz/untgz.c.

Vulnerability

Field	Value
ID	V-002
Severity	CRITICAL
Scanner	multi_agent_ai
Rule	V-002
File	contrib/cpukit/zlib/contrib/untgz/untgz.c:196

Description: The sprintf() call at line 196 formats a timestamp string derived from archive metadata into a fixed-size stack buffer using the format string "%4d/%02d/%02d %02d:%02d:%02d". The format specifier %4d does not enforce a maximum field width — a negative year value (e.g., -99999) or an extremely large integer produces output wider than 4 characters, overflowing the fixed result buffer and corrupting adjacent stack memory. No snprintf() with a size limit is used.

Changes

• contrib/cpukit/zlib/contrib/untgz/untgz.c

Verification

• Build passes
• Scanner re-scan confirms fix
• LLM code review passed

---

Automated security fix by OrbisAI Security