On Wednesday 18 February 2009, Vladimir Nadvornik wrote:
> On st 18. Ășnora 2009, Dan Pascu wrote:
> > On Tuesday 17 February 2009, Vladimir Nadvornik wrote:
> > > -void wmessage(const char *msg, ...);
> > > +void wmessage(const char *msg, ...)
> > > __attribute__((__format__(printf,1,2)));
> >
> > Is this stuff portable to non-linuxes? What does it even mean? I read
> > it an have no clue what is supposed to do. And what is wrong with the
> > original form?
>
> It prints a warning in cases like bellow. I didn't write the patch and
> have no clue if it is portable.
I have a feeling that it's not.
>
> > > - wwarning(_("Color Panel: Could not find file"), "%s",
> > > panel->configurationPath);
> > > + wwarning(_("Color Panel: Could not find file: %s"),
> > > panel->configurationPath);
> >
> > I think it's a bad idea to include string substitutions (like %s) in
> > transaltable strings for 3 reasons:
> >
> > 1. It's easy to corrupt them by error and make the code segfault
> > 2. It's easy co modify them intentionally to exploit the code
>
> How?
Replace %i with %s and you get a segfault. I'm also sure that one can
devise an exploit of a buffer overflow with a properly build translation.
>
> > 3. They can be confusing for a non-programmer who is transalting the
> > file
>
> OTOH in some languages it may be better to change the word order and
> put the file name in the middle of the sentence.
That is true. But it also means you have to audit translations more
carefully to catch such problems.
>
> > Since the original form is also wrong, the prefered way to write that
> > would be:
> >
> > wwarning("%s: %s", _("Color Panel: Could not find file"),
> > panel->configurationPath);
>
> This is also ok
>
> Vladimir
--
Dan
--
To unsubscribe, send mail to [email protected].
