Hi Ingo, > but are we really sure that that nobody relies on the possibility to > run their own preprocessor before preconv(1)?
They of course do. > And that nobody pipes input into groff(1) on stdin? All the time. > This is a more serious bug, a potential security vulnerability: > Use after free. And I can see a probable wandering off the end of the buffer too. > I'd suggest that we first decide whether we want to encourage people > to put the coding at the end even though that clearly reduces > robustness and possibly harms portability. It's a bad idea. The clue is: > > +// Get coding tag from Emacs local variables list at end of file. A non-Unix text editor which liked to do things its way, e.g. the three-byte ‘foo’ is a text file. Putting how to read a file at the end of that file is such a daft idea when placed in a Unix context; it's alien and should not be encouraged. -- Cheers, Ralph.
