More checks on INT * STRING plus a man page note.

man/remind.1.in

@@ -2598,7 +2598,9 @@ The maximum number of iterations for the \fBSATISFY\fR clause
 A limit on the longest string that \fBRemind\fR will allow you
 to create.  The default is 65535.  If you set \fB$MaxStringLen\fR to 0
 or to -1, then \fBremind\fR will allow you to create arbitrarily-long
-strings, at least until it runs out of memory.
+strings, at least until it runs out of memory.  We do not recommend
+setting \fB$MaxStringLen\fR to 0 or -1 because it is very easy to write
+code that DOSes \fBRemind\fR in that case.
 .TP
 .B $MinsFromUTC
 The number of minutes between Universal Time Coordinated and local time.  If

src/expr.c

@@ -996,6 +996,10 @@ static int Multiply(void)
             DestroyValue(v1); DestroyValue(v2);
             return E_STRING_TOO_LONG;
         }
+        if ((unsigned long) l * (unsigned long) rep >= (unsigned long) INT_MAX) {
+            DestroyValue(v1); DestroyValue(v2);
+            return E_STRING_TOO_LONG;
+        }
         if (MaxStringLen > 0 && (l * rep) > MaxStringLen) {
             DestroyValue(v1); DestroyValue(v2);
             return E_STRING_TOO_LONG;