Re: Translating format strings

To: Debian Developers <debian-devel@lists.debian.org>
Cc: "Marcelo E. Magallon" <mmagallo@debian.org>
Subject: Re: Translating format strings
From: Martin Quinson <Martin.Quinson@ens-lyon.fr>
Date: Tue, 12 Mar 2002 02:26:48 +0100
Message-id: <[🔎] 20020312012648.GC6586@blaise.ens-lyon.fr>
In-reply-to: <[🔎] 20020310172205.GA1988@ysabell.wh.vaih>
References: <[🔎] 20020310172205.GA1988@ysabell.wh.vaih>

On Sun, Mar 10, 2002 at 06:22:05PM +0100, Marcelo E. Magallon wrote:
> Hi,
> 
>  I'm sorry if this is a bit off-topic, it concerns a wishlist bug in one
>  of my packages.
> 
>  printf(_("Writing frame: %d  %d => %d bytes\n"), ...);
> 
>  Would that be exploitable?  The program in question is a regular
>  gtk app, not setuid or anything like that.

That is no problem. Just make sure to run:
  msgfmt --statistics -c -v -o /dev/null the_po_file.po
on each translated file before you accept them. It will make sure the format
is the same. It will report any problem, and keep silencious when there is
no problem.

This is because if you translate the above string with "%s %s", you're sure
to segfault. It has to have tree time "%d" in it.

But it you use the above check, you're safe.

Bye, Mt.

-- 
Si les grands esprits se rencontrent, les petits esprits, eux, se cognent.

Reply to:

References:
- Translating format strings
  - From: "Marcelo E. Magallon" <mmagallo@debian.org>

Prev by Date: Re: [2002-03-10] Release Status Update
Next by Date: Re: executing of conffiles (init scripts) in postinst
Previous by thread: Re: Translating format strings
Next by thread: Bug#137729: ITP: wmpuzzle -- WindowMaker dock app 4x4 puzzle
Index(es):
- Date
- Thread