fritz-tools: fix out-of-bounds memset in TFFS segment expansion
When growing the segment array in find_entry(), the memset() that zeroes
the newly allocated slots computed the destination with redundant sizeof
scaling:
memset(segments + (num_segments * sizeof(struct tffs_entry_segment)), ...)
segments is a typed pointer, so pointer arithmetic already scales by the
element size. Multiplying the offset by sizeof again advances the
destination by num_segments * sizeof^2 bytes, landing far outside the
realloc()'d buffer and zeroing unrelated heap memory whenever a TFFS
entry spans multiple segments that require array expansion.
Drop the redundant multiplication so the memset targets segments[num_segments].
This is a robustness fix for malformed/corrupt TFFS content; the parser
only reads the on-device nand-tffs MTD partition as root, so it is not
considered security relevant.
Reported-by: @Vasco0x4
Assisted-by: Claude:claude-opus-4-8
Link: https://github.com/openwrt/openwrt/pull/23763
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>