While fuzzing the library, as described in #4, I noticed the usage of /tmp/GDSIIConvert.log. This isn't good, for two reasons:

• it's a "temporary file of predictable name", in a shared directory which is world-writable in some setups. This is usually considered a vulnerability, for reasons that the Internet explains better than I do;
• GDSIIConvert writes enough data there to fill gigabytes in several hours, filling up my HDD... not good, I simply put a rm; sleep invocation in a loop to fix that, but that's ugly :)