On Wed, Mar 26, 2008 at 08:55:53PM +0100, Jim Meyering wrote:
> qemudReportError(NULL, NULL, NULL, VIR_ERR_NO_MEMORY,
> - "vncTLSx509certdir");
> + "%s", _("failed to allocate vncTLSx509certdir"));
versus:
> qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
> - "Cannot find QEMU binary %s: %s", binary,
> + _("Cannot find QEMU binary %s: %s"), binary,
> strerror(errno));
I assume that the problem with the first one is that gettext might
erroneously return a string containing % sequences, resulting in a
runtime failure or even exploit. But that could also be a problem
with the second one too, surely? (ie. gettext might return three or
more % sequences).
OCaml gettext offers two forms of the gettext function, one for plain
strings and one for format strings[1]. The format string version
checks that any % sequences in the translated string are compatible
with those in the original string. (If not then the original string
is returned to avoid any exploit). Sounds as if we need a similar
feature in C gettext. A cursory check of the info file didn't show
anything like this.
Rich.
[1] and of course the powerful type system ensures that you always use
the correct form, ho hum ...
--
Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://et.redhat.com/~rjones/virt-top
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list