Unix mb_to_wc: add missing bounds checks.

Checking various implementations of these functions against each
other, I noticed by eyeball review that some of the special cases in
mb_to_wc() never check the buffer limit at all. Yikes!

Fortunately, I think there's no vulnerability, because these special
cases are ones that write out at most one wide char per multibyte
char, and at all the call sites (including dup_mb_to_wc) we allocate
that much even for the first attempt. The only exception to that is
the call in key_event() in unix/window.c, which uses a fixed-size
output buffer, but its input will always be the data generated by an X
keystroke event. So that one can only overrun the buffer if an X key
event manages to translate into more than 32 wide characters of text -
and even if that does come up in some exotic edge case, it will at
least not be happening under _enemy_ control.

unix/unicode.c

@@ -31,6 +31,8 @@ int mb_to_wc(int codepage, int flags, const char *mbstr, int mblen,
         memset(&state, 0, sizeof state);
 
         while (mblen > 0) {
+            if (n >= wclen)
+                return n;
             size_t i = mbrtowc(wcstr+n, mbstr, (size_t)mblen, &state);
             if (i == (size_t)-1 || i == (size_t)-2)
                 break;
@@ -44,6 +46,8 @@ int mb_to_wc(int codepage, int flags, const char *mbstr, int mblen,
         int n = 0;
 
         while (mblen > 0) {
+            if (n >= wclen)
+                return n;
             wcstr[n] = 0xD800 | (mbstr[0] & 0xFF);
             n++;
             mbstr++;