[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: sharutils does not build with -Werror=format-security
From: |
Bruce Korb |
Subject: |
Re: sharutils does not build with -Werror=format-security |
Date: |
Mon, 14 Oct 2013 08:43:54 -0700 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130922 Icedove/17.0.9 |
Hi Eric,
On 10/14/13 07:06, Eric Blake wrote:
else
- error (0, errno, _("Cannot get current directory name"));
+ error (0, errno, "%s", _("Cannot get current directory name"));
but in THIS form, xgettext sees no % mark, so it does NOT mark the .po
file, and therefore gettext() no longer attempts to sanitize the
translation, and a translator can sneak in any % mark. Yes, you can
argue that xgettext could be made smarter to properly annotate
string-literal formats with a printf annotation to force runtime
sanitization of the transalation, but for now, adding a "%s" format
argument is the easiest way to shut up the existing tool chain rather
than waiting for a fixed toolchain.
Then in this particular case, you are arguing for muddying up code
to accommodate deficiencies in the code analysis? I definitely
prefer the "do it properly and let the tools get fixed" approach.
To that end, I went to the trouble of adding -Wformat-contains-nul
warning to GCC.
I agree with Paul's agreement with me:
So you're right that if FOO is safe to use as
a format string, then _(FOO) should be safe too.
http://autogen.sourceforge.net/data/sharutils-4.13.6pre3.tar.xz
I'll actually release 4.13.6 "RSN". Cheers - Bruce