[Libvir] [PATCH 4/9] qemudReportError: mark for translation string args to this function
Richard W.M. Jones
rjones at redhat.com
Fri Mar 28 10:46:57 UTC 2008
On Wed, Mar 26, 2008 at 08:55:53PM +0100, Jim Meyering wrote:
> qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
> - "vncTLSx509certdir");
> + "%s", _("failed to allocate vncTLSx509certdir"));
> qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
> - "Cannot find QEMU binary %s: %s", binary,
> + _("Cannot find QEMU binary %s: %s"), binary,
I assume that the problem with the first one is that gettext might
erroneously return a string containing % sequences, resulting in a
runtime failure or even exploit. But that could also be a problem
with the second one too, surely? (ie. gettext might return three or
more % sequences).
OCaml gettext offers two forms of the gettext function, one for plain
strings and one for format strings. The format string version
checks that any % sequences in the translated string are compatible
with those in the original string. (If not then the original string
is returned to avoid any exploit). Sounds as if we need a similar
feature in C gettext. A cursory check of the info file didn't show
anything like this.
 and of course the powerful type system ensures that you always use
the correct form, ho hum ...
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
More information about the libvir-list