Integer overflow in setenv

[mikevoronov]

This code could lead to integer overflow into malloc. In its turn with subsequent memcpy it could lead to heap overflow. Hypothetically it could affect users. If it is matter, I can make a PR.

P.S. Also it is interested are such cases matter in general? Are there any policy to or not to mitigate them? I can imagine situations when users could be affected of this behaviour, but don't know any real examples.