Is it save to let translate C format strings?

To: debian-i18n@lists.debian.org
Subject: Is it save to let translate C format strings?
From: Jens Seidel <jensseidel@users.sf.net>
Date: Mon, 20 Aug 2007 05:02:56 +0200
Message-id: <[🔎] 20070820030255.GB12832@erde>
Mail-followup-to: debian-i18n@lists.debian.org

Hi all,

I found an ugly format flag in hex-a-hop which resulted from passing
a translator specified string (_("> Continue game 1 (1% complete) <"))
to the first argument of printf (I introduced the error myself).

It resulted in "> Continue game 1 (1�omplete) <" as "% c" was interpreted
as format sequence. (I thought such a flag results in a leading space
and not truncated bytes but let's ignore this ...)

A fix was simple, just add "%s" as format string and pass the other
string as second argument.

But now I wonder: Is it save to write the following?
printf(_("Hello World: %s"), a_string);

The translation of "Hello World: %s" could contain multibytes. Isn't
it possible that there exists an encoding in which the
translation contains dangerous bytes such as %s (even if the translator
didn't used the 7bit character %)?

I know that this cannot happen with UTF-8, as multibytes always have the
8th bit set for all bytes. But there exist more encodings ...

I tried to workaround by using "%s" as format specifier where possible,
but in the given example it is not possible (except if I parse all
format flags myself instead of asking printf to do so).

Jens

Reply to:

Prev by Date: Re: Hex-a-hop for users
Next by Date: DDTP problem?
Previous by thread: Re: Hex-a-hop for users
Next by thread: DDTP problem?
Index(es):
- Date
- Thread