In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://musl.libc.org/releases.html
https://lists.debian.org/debian-lts-announce/2020/11/msg00050.html