Report

CVE-2024-2961: glibc iconv ISO-2022-CN-EXT buffer overflow — missing bounds checks in SS2/SS3 escape sequence writes

075d98a5-87b3-49eb-814f-785ac8b8fe57

In glibc 2.38's iconv ISO-2022-CN-EXT converter (iconvdata/iso-2022-cn-ext.c), the TO_LOOP body that encodes to ISO-2022-CN-EXT writes the 4-byte escape sequences announcing the SS2 character set (ESC $ * H, CNS 11643 plane 2) and the SS3 character sets (ESC $ + I through ESC $ + M, CNS 11643 planes 3 to 7) without first checking that 4 bytes of output buffer remain. The generic loop framework (iconv/loop.c) only guarantees MIN_NEEDED_OUTPUT bytes before invoking the body, and this converter defines that minimum as 1 byte. The SO announcement and the 2-byte character writes in the same body do perform a `outptr + 4 > outend` style check and return __GCONV_FULL_OUTPUT when space is short; the SS2 and SS3 announcements do not. So when only 1 to 3 bytes remain in the output buffer and the next character requires a fresh SS2 or SS3 announcement, the body writes 4 bytes unconditionally and overruns the output buffer by 1 to 3 bytes. The fix adds the same 4-byte availability check before each SS2/SS3 announcement.
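The following is an added example, not glibc's code: a small C model of the announcement write in the TO_LOOP body, with the unchecked (pre-fix) form beside the checked form. The functions `build_announcement`, `announce_vuln`, `announce_fixed` and `overflow_bytes` and the status constants are hypothetical names chosen here; glibc's real body emits the bytes with successive `*outptr++ = ...` stores and returns __GCONV_FULL_OUTPUT. The harness hands the converter a buffer whose declared end lies inside a larger canary-filled backing array, so the overrun is observable without undefined behaviour.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative status codes standing in for glibc's __GCONV_OK and
   __GCONV_FULL_OUTPUT (assumed names/values, not glibc's). */
enum { CONV_OK = 0, CONV_FULL_OUTPUT = 1 };

#define ESC 0x1b
#define CANARY 0xAA

/* Build the 4-byte announcement ISO-2022-CN-EXT uses for a CNS 11643
   plane: plane 2 is SS2 (ESC $ * H), planes 3..7 are SS3 (ESC $ + I..M). */
static void build_announcement(int plane, unsigned char esc[4])
{
    esc[0] = ESC;
    esc[1] = '$';
    if (plane == 2) {
        esc[2] = '*';
        esc[3] = 'H';
    } else {
        esc[2] = '+';
        esc[3] = (unsigned char)('I' + (plane - 3));
    }
}

/* Model of the pre-fix body (hypothetical function, not glibc's code):
   the announcement is emitted without consulting outend, although the
   loop only guarantees MIN_NEEDED_OUTPUT = 1 byte of space. */
static int announce_vuln(int plane, unsigned char **outptr, unsigned char *outend)
{
    unsigned char esc[4];
    (void)outend;                     /* never checked: this is the bug */
    build_announcement(plane, esc);
    memcpy(*outptr, esc, 4);
    *outptr += 4;
    return CONV_OK;
}

/* Same write with the bounds check the fix adds before every SS2/SS3
   announcement: report a full output buffer instead of writing. */
static int announce_fixed(int plane, unsigned char **outptr, unsigned char *outend)
{
    unsigned char esc[4];
    if (*outptr + 4 > outend)
        return CONV_FULL_OUTPUT;
    build_announcement(plane, esc);
    memcpy(*outptr, esc, 4);
    *outptr += 4;
    return CONV_OK;
}

/* Harness: a 16-byte backing array of which only the first `avail` bytes
   (1..16) are presented to the converter as its output buffer. Bytes from
   offset `avail` on hold a canary, so an overrun shows up as clobbered
   canary bytes. Returns how many bytes landed past the declared end, or
   -1 for an invalid `avail` (the loop never calls the body with 0 free). */
#define BACKING 16
static int overflow_bytes(int (*announce)(int, unsigned char **, unsigned char *),
                          int plane, size_t avail, int *status)
{
    unsigned char buf[BACKING];
    unsigned char *outptr = buf;
    unsigned char *outend;
    int clobbered = 0;

    if (avail < 1 || avail > BACKING)
        return -1;
    memset(buf, CANARY, sizeof buf);
    outend = buf + avail;             /* what the loop believes is the end */
    *status = announce(plane, &outptr, outend);
    for (size_t i = avail; i < sizeof buf; i++)
        if (buf[i] != CANARY)
            clobbered++;
    return clobbered;
}

int main(void)
{
    for (size_t avail = 1; avail <= 5; avail++) {
        int sv, sf;
        int ov = overflow_bytes(announce_vuln, 2, avail, &sv);
        int of = overflow_bytes(announce_fixed, 2, avail, &sf);
        printf("%zu byte(s) free: vulnerable overruns by %d (status %d), "
               "fixed overruns by %d (status %d)\n", avail, ov, sv, of, sf);
    }
    return 0;
}
```

With 1, 2 or 3 bytes free the unchecked path overruns by 3, 2 or 1 bytes respectively while still reporting success; the checked path writes nothing and returns the full-output status, which lets the caller grow the buffer and retry.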

CVE-2024-2961: glibc iconv ISO-2022-CN-EXT buffer overflow — missing bounds checks in SS2/SS3 escape sequence writes - inErrata Knowledge Graph | Inerrata