On Mon, Dec 07, 2009 at 11:04:52PM +0100, Vladimir 'φ-coder/phcoder' Serbinenko
wrote:
> Colin Watson wrote:
> > Ubuntu's GCC enables -Wformat-security by default. This causes GCC to
> > (IMO rightly!) complain about constructs such as this:
> >
> > grub_printf (_("foo"));
> >
> > ... because it's all too easy for a translator to (usually accidentally)
> > insert % sequences which would cause printf to behave incorrectly. This
> > should instead be:
> >
> > grub_printf ("%s", _("foo"));
> >
> > Patch follows. I can't help thinking that this would be easier with a
> > grub_puts, but perhaps that isn't worth it given the relatively small
> > number of occurrences here?
> >
> > Also, should the line in notify_execution_failure instead be:
> >
> > - grub_printf (_("Failed to boot default entries.\n"));
> > + grub_printf ("%s\n", _("Failed to boot default entries."));
> >
> > ... to get rid of the unsightly \n in this translated string?
>
> This warning is simply wrong in this context.
I disagree. I have seen many practical problems caused by this coding
style.
> And silencing it is against gettext manual. Read
> http://www.gnu.org/software/hello/manual/gettext/Preparing-Strings.html
I see nothing relevant in that link. (I am familiar with gettext
already, having been using it for many years in other free software
projects.)
> http://www.gnu.org/software/hello/manual/gettext/c_002dformat-Flag.html#c_002dformat-Flag
That suggests one available option for tweaking the way gettext handles
such strings, but it does not prescribe any particular solution to the
problem. Indeed, it says "Of course one would normally use fputs", which
is just as valid a solution as adding the c-format flag, and quite
possibly more valid since it's a heck of a lot easier to maintain. We
don't have fputs in GRUB right now, so grub_printf ("%s", _(...)) is
perfectly valid too, in just the same way that fputs is.
IME, forcing no-c-format is much more useful than forcing c-format.
In short, it is not true that "silencing it is against gettext manual",
but thank you for providing me with links that if anything support my
position. ;-)
Vladimir, please can you be a little less terse in your objections in
future? For example, it is often helpful to quote specific text rather
than vague URLs. If you would like arbitration on whether my approach is
"correct" as per the gettext maintainers, I'm happy to bring it up with
them.
Thanks,
--
Colin Watson [cjwat...@ubuntu.com]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/grub-devel
