I looked around at the other calls to mbrtowc() in the code, and cleaned
up a few things:

1. I made all the code assign the return value to a size_t, not an int.
This should prevent a failure on a system where the size of an int is
larger than the size of a size_t (since the (size_t)-1 and (size_t)-2
values won't get converted into negative numbers if that is the case).

2. I added STOUC() around a couple char args that were getting passed to
nicechar() when mbrtowc() failed.

3. One of the calls needed to reset the mbstate_t object when continuing
to parse the string after mbrtowc() failed.

4. The code in sub_match() (in Src/Zle/compmatch.c) had a bug when it
assembled a wide-char value from multiple bytes (decoded from a metafied
string):  the code was not advancing past all the raw values used if
there was a meta char or a multibyte character sequence (and I think a
'\0' byte might have even looped infinitely).

After doing all that, it was time to begin looking at the next stage of
the non-inputable-filename problem: I decided to do the easiest possible
change first, so attached is a patch that causes zsh to insert a literal
question-mark in place of each errant character.  This allows me to at
least match a name that cannot be input into the command-line, but it
could be a little dangerous if it happens to match other filenames too,
so this is probably not something we'd want to use in an actual release.

..wayne..