pty_stty() builds a shell command from STTY_BIN, stty arguments and
the slave pty name before passing it to system(). The command is
currently formatted into a fixed 10240-byte stack buffer with sprintf().
A long stty argument string can overflow that buffer. Allocate the
command buffer to the exact required size instead, and keep the existing
control flow when allocation or size calculation fails.
Found by Linux Verification Center (linuxtesting.org) with SVACE.