On 02/28/13 at 06:58pm, Dave Reisner wrote:
On Feb 28, 2013 6:56 PM, "Simon Gomizelj" <simongmzlj@gmail.com> wrote:
Basically all translation messages that need colouring but _also_ happen to be format strings need to be split up.
This makes it easy to conditionally embed colour codes into the output at runtime.
Signed-off-by: Simon Gomizelj <simongmzlj@gmail.com> ---
I say this without really knowing how gettext works, but this looks like it closes a potential format string vulnerability.
src/pacman/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/pacman/util.c b/src/pacman/util.c index 3270c74..b5ee841 100644 --- a/src/pacman/util.c +++ b/src/pacman/util.c @@ -871,7 +871,7 @@ static void _display_targets(alpm_list_t *targets, int verbose) }
/* print to screen */ - pm_asprintf(&str, _("Packages (%zd):"), alpm_list_count(targets)); + pm_asprintf(&str, "%s (%zd):", _("Packages"), alpm_list_count(targets)); printf("\n");
cols = getcols(fileno(stdout)); -- 1.8.1.4
The gettext documentation suggests using format strings with full sentences rather than this type of string concatenation [0], and it is capable of checking that translated format strings are compatible [1]. [0] http://www.gnu.org/software/gettext/manual/gettext.html#Preparing-Strings [1] http://www.gnu.org/software/gettext/manual/gettext.html#c_002dformat-Flag