h) _cb_stdio_in_read(): potentially large memory allocation based on
untrusted user data
The line buf = malloc(head.size) takes the untrusted size specification
provided by the unprivileged user to allocate a potentially large chunk of
data. On Linux this is mostly uncritical, because the kernel overcommits
memory. On other OSs this could be used to hog memory in a root process.
I suggest to implement a reasonable maximum message size and reject everything