CVE-2019-5953: wget heap buffer overflow in do_conversion via incorrect E2BIG handling
GNU Wget 1.20.1 has a heap buffer overflow in do_conversion() in src/iri.c, the charset conversion routine behind wget's IRI support. When iconv signals E2BIG (output buffer full), the reallocation handler sets outlen to the new TOTAL buffer size instead of the free space REMAINING after the bytes already written. The next iconv call therefore believes it has far more output space than was allocated and writes past the end of the heap buffer.
Bug in the E2BIG handler (src/iri.c lines 188-195):

    done = len;                        /* old TOTAL size, not bytes written: iconv may leave a few unused bytes before returning E2BIG, and they become an uninitialized gap in the output */
    len = outlen = done + inlen * 2;   /* BUG: outlen is the new total, not the space remaining after offset done */
    s = xrealloc(s, outlen + 1);
    *out = s + done;                   /* write pointer resumes after the preserved prefix; with the outlen above, the window it is given runs done bytes past the end of s */
Result: after the realloc, iconv is told it has (old_total + inlen * 2) bytes of output space starting at offset old_total, but only inlen * 2 bytes exist there, so the next iconv call can write up to old_total bytes past the end of the heap allocation.
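The arithmetic above, modelled in C as an added example (this is not wget's code): a stand-in for iconv that keeps its E2BIG contract with a constructed fixed 4x expansion, a function computing how far past the allocation the 1.20.1 handler lets iconv write, and a grow-on-E2BIG loop with the accounting corrected (done tracks bytes actually written, outlen only the remaining space). The sample input "hello world", the name overclaim_1_20_1 and the EXPAND floor in the growth policy are this example's assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for iconv(3), constructed for this example: each input byte becomes
 * EXPAND copies of itself (a fixed 4x blow-up, like ASCII -> UTF-32), so a buffer
 * sized inlen*2 always fills up.  It keeps iconv's contract: convert what fits,
 * advance the four cursors, and return (size_t)-1 with errno = E2BIG when the
 * next character does not fit. */
#define EXPAND 4

static size_t fake_iconv(const char **inbuf, size_t *inleft, char **outbuf, size_t *outleft)
{
    while (*inleft > 0) {
        if (*outleft < EXPAND) { errno = E2BIG; return (size_t)-1; }
        memset(*outbuf, **inbuf, EXPAND);
        *outbuf += EXPAND; *outleft -= EXPAND;
        *inbuf += 1;       *inleft -= 1;
    }
    return 0;
}

/* Bytes past the end of the reallocated buffer that the 1.20.1 handler
 *     done = len; len = outlen = done + inlen * 2; *out = s + done;
 * lets iconv write: the write pointer starts at offset done but outlen spans the
 * whole new buffer, so the advertised window ends at done + outlen while the
 * allocation ends at len.  The excess is exactly the old buffer size. */
static size_t overclaim_1_20_1(size_t old_len, size_t inlen_left)
{
    size_t done = old_len;
    size_t new_len = done + inlen_left * 2;
    size_t outlen = new_len;                    /* the bug: total size, not remaining */
    size_t claimed_end = done + outlen;
    return claimed_end > new_len ? claimed_end - new_len : 0;
}

struct conv {
    char *buf;               /* converted bytes, NUL-terminated for convenience */
    size_t len;              /* number of converted bytes */
    size_t worst_overclaim;  /* largest overrun the 1.20.1 arithmetic would have allowed */
};

/* Grow-on-E2BIG loop with correct accounting.  Sizing follows the advisory (start
 * at inlen*2, grow by twice the unconverted input); the EXPAND floor is this
 * example's addition so the loop cannot stall on the last input byte. */
static int convert(const char *in, size_t inlen, struct conv *r)
{
    size_t len = inlen * 2;              /* total allocation */
    size_t outlen = len;                 /* free bytes from the write pointer to the end */
    char *s = malloc(len + 1), *out = s;
    memset(r, 0, sizeof *r);
    if (s == NULL) return -1;
    for (;;) {
        if (fake_iconv(&in, &inlen, &out, &outlen) != (size_t)-1) {
            r->len = (size_t)(out - s);
            s[r->len] = '\0';
            r->buf = s;
            return 0;
        }
        if (errno != E2BIG) { free(s); return -1; }
        /* Record what 1.20.1 would have advertised to iconv at this point. */
        size_t over = overclaim_1_20_1(len, inlen);
        if (over > r->worst_overclaim) r->worst_overclaim = over;
        /* Correct accounting: done is what was really written (no uninitialized
         * gap) and outlen is only the space after the write pointer. */
        size_t done = (size_t)(out - s);
        size_t grow = inlen * 2 < EXPAND ? EXPAND : inlen * 2;
        char *ns = realloc(s, done + grow + 1);
        if (ns == NULL) { free(s); return -1; }
        s = ns;
        len = done + grow;
        out = s + done;
        outlen = len - done;
    }
}

/* Converts a constructed sample and returns the worst overrun the 1.20.1 arithmetic
 * would have permitted on it, or 0 if the converted bytes are not as expected. */
static size_t demo_worst_overclaim(void)
{
    static const char sample[] = "hello world";   /* constructed input */
    static const char expect[] = "hhhheeeelllllllloooo    wwwwoooorrrrlllldddd";
    struct conv r;
    size_t worst = 0;
    if (convert(sample, strlen(sample), &r) != 0) return 0;
    if (r.len == strlen(expect) && memcmp(r.buf, expect, r.len) == 0)
        worst = r.worst_overclaim;
    free(r.buf);
    return worst;
}

int main(void)
{
    printf("first E2BIG round (22-byte buffer, 6 bytes unconverted): %zu bytes overclaimed\n",
           overclaim_1_20_1(22, 6));
    printf("worst overclaim on the sample: %zu bytes\n", demo_worst_overclaim());
    return 0;
}
```

Build with `cc -std=c99 -Wall demo.c` and run it. The 11-byte sample needs four E2BIG rounds; on each one the 1.20.1 arithmetic would have handed iconv a window extending past the allocation by the full size of the buffer that had just filled up (22, 32, 38 and 40 bytes), which is why the overflow gets worse the longer the input is.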