fix longstanding exit logic bugs in mbsnrtowcs and wcsnrtombs

these are POSIX 2008 (previously GNU extension) functions that are
rarely used. apparently they had never been tested before, since the
end-of-string logic was completely missing. mbsnrtowcs is used by
modern versions of bash for its glob implementation, and and this bug
was causing tab completion to hang in an infinite loop.

src/multibyte/mbsnrtowcs.c

@@ -47,6 +47,10 @@ size_t mbsnrtowcs(wchar_t *wcs, const char **src, size_t n, size_t wn, mbstate_t
 				cnt = l;
 				break;
 			}
+			if (!l) {
+				s = 0;
+				break;
+			}
 			/* have to roll back partial character */
 			*(unsigned *)st = 0;
 			break;

src/multibyte/wcsnrtombs.c

@@ -20,7 +20,7 @@ size_t wcsnrtombs(char *dst, const wchar_t **wcs, size_t wn, size_t n, mbstate_t
 	if (!dst) s = buf, n = sizeof buf;
 	else s = dst;
 
-	while ( n && ( (n2=wn)>=n || n2>32 ) ) {
+	while ( ws && n && ( (n2=wn)>=n || n2>32 ) ) {
 		if (n2>=n) n2=n;
 		wn -= n2;
 		l = wcsrtombs(s, &ws, n2, 0);
@@ -35,10 +35,11 @@ size_t wcsnrtombs(char *dst, const wchar_t **wcs, size_t wn, size_t n, mbstate_t
 		}
 		cnt += l;
 	}
-	while (n && wn) {
+	if (ws) while (n && wn) {
 		l = wcrtomb(s, *ws, 0);
-		if (!(l+1)) {
-			cnt = l;
+		if ((l+1)<=1) {
+			if (!l) ws = 0;
+			else cnt = l;
 			break;
 		}
 		ws++; wn--;