Ville Skyttä writes:
The attached diff against current hg is the result what I changed
back then in the XEmacs source tree. This is 100% untested (not
even built), and not even really thought about work, something may
be flat out wrong, something plain unnecessary, but there may be
some useful bits in the diff.
I'm not really worried about this kind of "vulnerability", but it
seems to me that in most cases it's unfriendly to error just because
the user passes "%s" into (lambda (s) (message s)). May as well do
something about (most of) the C cases too, although
fprintf (stderr, "%s", ENDOFLINE)
#define ENDOFLINE "\r\n"
seems more obfuscatory than useful.
So, thanks for the "heads up", we (FSVO "we") should do something
about it (including documenting it somewhere, probably in the coding
XEmacs-Beta mailing list