Re: [Libvir] [PATCH 4/9] qemudReportError: mark for translation string args to this function

["Richard W.M. Jones" <rjones redhat com>]

On Wed, Mar 26, 2008 at 08:55:53PM +0100, Jim Meyering wrote:
>              qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
> -                             "vncTLSx509certdir");
> +                             "%s", _("failed to allocate vncTLSx509certdir"));

versus:

>          qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
> -                         "Cannot find QEMU binary %s: %s", binary,
> +                         _("Cannot find QEMU binary %s: %s"), binary,
>                           strerror(errno));

I assume that the problem with the first one is that gettext might
erroneously return a string containing % sequences, resulting in a
runtime failure or even exploit.  But that could also be a problem
with the second one too, surely?  (ie. gettext might return three or
more % sequences).

OCaml gettext offers two forms of the gettext function, one for plain
strings and one for format strings[1].  The format string version
checks that any % sequences in the translated string are compatible
with those in the original string.  (If not then the original string
is returned to avoid any exploit).  Sounds as if we need a similar
feature in C gettext.  A cursory check of the info file didn't show
anything like this.

Rich.

[1] and of course the powerful type system ensures that you always use
the correct form, ho hum ...

-- 
Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top