Fix string-to-multibyte overlong sequence bug

* src/character.h (MULTIBYTE_LENGTH, MULTIBYTE_LENGTH_NO_CHECK):
Remove, replacing with ...
(multibyte_length): ... this new function.  All callers changed.
The new function rejects overlong multibyte forms.
* test/src/buffer-tests.el (buffer-multibyte-overlong-sequences):
New test.

1 files changed, 8 insertions, 6 deletions

diff --git a/src/coding.c b/src/coding.c
index 716b0d99792..34f36d5a86a 100644
--- a/src/coding.c
+++ b/src/coding.c
@@ -7670,15 +7670,17 @@ consume_chars (struct coding_system *coding, Lisp_Object translation_table,
 
       if (! multibytep)
 	{
-	  int bytes;
-
 	  if (coding->encoder == encode_coding_raw_text
 	      || coding->encoder == encode_coding_ccl)
 	    c = *src++, pos++;
-	  else if ((bytes = MULTIBYTE_LENGTH (src, src_end)) > 0)
-	    c = STRING_CHAR_ADVANCE_NO_UNIFY (src), pos += bytes;
 	  else
-	    c = BYTE8_TO_CHAR (*src), src++, pos++;
+	    {
+	      int bytes = multibyte_length (src, src_end, true, true);
+	      if (0 < bytes)
+		c = STRING_CHAR_ADVANCE_NO_UNIFY (src), pos += bytes;
+	      else
+		c = BYTE8_TO_CHAR (*src), src++, pos++;
+	    }
 	}
       else
 	c = STRING_CHAR_ADVANCE_NO_UNIFY (src), pos++;
@@ -7727,7 +7729,7 @@ consume_chars (struct coding_system *coding, Lisp_Object translation_table,
 	  for (i = 1; i < to_nchars; i++)
 	    *buf++ = XFIXNUM (AREF (trans, i));
 	  for (i = 1; i < from_nchars; i++, pos++)
-	    src += MULTIBYTE_LENGTH_NO_CHECK (src);
+	    src += multibyte_length (src, NULL, false, true);
 	}
     }