Hello,
On Dec/07/2009, Colin Watson wrote:
> Ubuntu's GCC enables -Wformat-security by default. This causes GCC to
> (IMO rightly!) complain about constructs such as this:
>
> grub_printf (_("foo"));
I see...
(actually some weeks ago I thought about gettext security implications,
and I thought that if someone can change the .mo files there is some
bigger problem for the user... but I understand the point)
> ... because it's all too easy for a translator to (usually
> accidentally) insert % sequences which would cause printf to behave
(side and non-relevant note: if the translator wants to do some damage on
purpose he doesn't need to play with %s and %d, it's as easy as changing
strings from "Press C to Cancel and D to delete" to something like (in another
language) "Press D to Cancel and C to delete")
> incorrectly. This should instead be:
>
> grub_printf ("%s", _("foo"));
I like the general idea but I'm not 100% convinced of the
implementation:
a) It's a bit of false security because it's not fixing the case of file
normal/menu_text.c, line 191 (search the string "Use the %C and %C keys
to") or menu_text.c line 374 (search for "The highlighted entry")
(I agree that it's better than before... but not very solid)
b) How would you translate and handle:
grub_printf (_("Hello %s"), name);
The translator really needs "%s" because in other languages can be "%s
hello" (not the best example but maybe you get the point)
c) I'm thinking to implement grub_printf_ (str). I will send a patch
later to see if everybody likes. Then the call for simple strings would
be:
grub_printf_ ("%s", N_("Hello"));
Not much different from:
grub_printf_ (N_("Hello"));
But it's getting hard to print a string :-)
d) (important, even if it's the last one):
How it prevents mistakes from the current msgfmt checks?
For example, and using the option -c in msgfmt:
#: normal/misc.c:67
#, c-format
msgid "test %s t"
msgstr "test %d test2"
/usr/bin/msgfmt -c --statistics -o po/ca.mo po/ca.po
po/ca.po:1183: format specifications in 'msgid' and 'msgstr' for argument 1 are
not the same
/usr/bin/msgfmt: found 1 fatal error
26 translated messages, 213 untranslated messages.
Using any different number of %X from msgid and msgstr ishalting msgfmt (so, if
msgid contains 1 %s and 2 %d, msgstr has to contain the same)
We are talking from _(" "), I see that -Wformat-security is for "string came
from untrusted input and contains" when .mo are trusted. Are they?
How are other projectes implementing it? Specially the dynamic strings.
> Patch follows. I can't help thinking that this would be easier with a
> grub_puts, but perhaps that isn't worth it given the relatively small
> number of occurrences here?
We could replace grub_puts with grub_printf... or some other idea.
> Also, should the line in notify_execution_failure instead be:
>
> - grub_printf (_("Failed to boot default entries.\n"));
> + grub_printf ("%s\n", _("Failed to boot default entries."));
>
> ... to get rid of the unsightly \n in this translated string?
I really like that this fix the \n discussion that we had :-)
I like the idea and I understand that it's easy to make mistakes
translating strings. Actually I'm surprised that msgfmt is not giving
any warning if the
--
Carles Pina i Estany
http://pinux.info
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
