I think a better solution would be to specify a format string for
stderr.
That's the "reimplement error handling completely differently" change.
If you or anyone wants to send me a patch for that, great.
I believe that's the proper way of handling it, and not
including a format string specifier opens you up to a vulnerability.
I don't see it. If a vulnerability persists, tell me the usual details.
karl
