bug#59544: [PATCH] Fixed lib-src/etags.c command execute vulnerability

[Eli Zaretskii]

> Date: Sat, 26 Nov 2022 22:26:22 +0800
> Cc: stefankangas@gmail.com, 59544@debbugs.gnu.org
> From: lux <lx@shellcodes.org>
> 
> Yes, but I think it violates the original author's intention, and it 
> seems that there is no occasion to use this parameter in etags?
> 
> /*
>   * Read a line of text from `stream' into `lbp', excluding the
>   * newline or CR-NL, if any.  Return the number of characters read from
>   * `stream', which is the length of the line including the newline.
>   *
>   * On DOS or Windows we do not count the CR character, if any before the
>   * NL, in the returned length; this mirrors the behavior of Emacs on those
>   * platforms (for text files, it translates CR-NL to NL as it reads in the
>   * file).

The above is about the character counts written in TAGS tables, which are
produced by etags, not by ctags.  Files produced by crags only count lines,
not characters.  So the above comment is not relevant to ctags.

More importantly, the original tags file could have been written by a
utility other than our ctags, and I don't think we should change the EOL
format of such a file when we update it.