[pacman-dev] [PATCH 1/2] split "Packages (%zd):" message

andrew.gregory.8 at gmail.com andrew.gregory.8 at gmail.com
Fri Mar 1 08:28:45 EST 2013


On 02/28/13 at 06:58pm, Dave Reisner wrote:
> On Feb 28, 2013 6:56 PM, "Simon Gomizelj" <simongmzlj at gmail.com> wrote:
> >
> > Basically all translation messages that need colouring but _also_ happen
> > to be format strings need to be split up.
> >
> > This makes it easy to conditionally embed colour codes into the output
> > at runtime.
> >
> > Signed-off-by: Simon Gomizelj <simongmzlj at gmail.com>
> > ---
> 
> I say this without really knowing how gettext works, but this looks like it
> closes a potential format string vulnerability.
> 
> >  src/pacman/util.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/pacman/util.c b/src/pacman/util.c
> > index 3270c74..b5ee841 100644
> > --- a/src/pacman/util.c
> > +++ b/src/pacman/util.c
> > @@ -871,7 +871,7 @@ static void _display_targets(alpm_list_t *targets,
> int verbose)
> >         }
> >
> >         /* print to screen */
> > -       pm_asprintf(&str, _("Packages (%zd):"), alpm_list_count(targets));
> > +       pm_asprintf(&str, "%s (%zd):", _("Packages"),
> alpm_list_count(targets));
> >         printf("\n");
> >
> >         cols = getcols(fileno(stdout));
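
Review bot: On the added pm_asprintf line, the layout "%s (%zd):" is now a fixed literal and only "Packages" goes through _(), so a translation can no longer move the count or change the brackets and colon. If that is accepted for the sake of colouring, a translator comment above _("Packages") saying it is a heading followed by a count would help. The literal format does keep the conversion specifiers out of the message catalog. It is also worth confirming that %zd matches the type alpm_list_count() returns, since %zd expects a signed size type and the specifier was carried over unchanged from the removed line.
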
> > --
> > 1.8.1.4
> >
> >
> 

The gettext documentation suggests using format strings with full sentences
rather than this type of string concatenation [0], and it is capable of
checking that translated format strings are compatible [1].

[0] http://www.gnu.org/software/gettext/manual/gettext.html#Preparing-Strings
[1] http://www.gnu.org/software/gettext/manual/gettext.html#c_002dformat-Flag
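
The compatibility check mentioned in this message can be pictured as comparing the arguments a translated format consumes with those of the original. The following is an added example, not code from pacman or gettext, and it is a simplified sketch rather than msgfmt's actual algorithm: the function names and the German sample translations are constructed, and positional directives such as `%1$s` are not handled and are simply rejected.

```c
#include <stdio.h>
#include <string.h>

/* Write the argument signature of a printf format into out: for every
 * directive its '*' fields, length modifier and conversion letter,
 * terminated by ';' (e.g. "zd;"). Flags, width and precision digits are
 * skipped because they do not change which arguments are consumed.
 * Returns 0 on success, -1 on an unknown or truncated directive. */
static int fmt_signature(const char *fmt, char *out, size_t outlen)
{
	size_t n = 0;
	for (const char *p = fmt; *p; p++) {
		if (*p != '%')
			continue;
		if (*++p == '%')
			continue;                 /* "%%" is a literal percent */
		for (; *p && strchr("-+ #0'.123456789*", *p); p++)
			if (*p == '*' && n + 1 < outlen)
				out[n++] = '*';       /* '*' consumes an int argument */
		for (; *p && strchr("hljztL", *p); p++)
			if (n + 1 < outlen)
				out[n++] = *p;
		if (!*p || !strchr("diouxXeEfFgGaAcspn", *p) || n + 2 >= outlen)
			return -1;
		out[n++] = *p;
		out[n++] = ';';
	}
	out[n] = '\0';
	return 0;
}

/* Returns 1 if msgstr consumes the same arguments as msgid, else 0. */
static int fmt_compatible(const char *msgid, const char *msgstr)
{
	char a[128], b[128];
	if (fmt_signature(msgid, a, sizeof a) || fmt_signature(msgstr, b, sizeof b))
		return 0;
	return strcmp(a, b) == 0;
}

int main(void)
{
	/* Constructed sample translations of the message from the patch. */
	const char *msgid = "Packages (%zd):";
	const char *tr[] = { "Pakete (%zd):", "Pakete (%s):", "Pakete (%zd%n):" };
	for (size_t i = 0; i < sizeof tr / sizeof tr[0]; i++)
		printf("%-18s %s\n", tr[i], fmt_compatible(msgid, tr[i]) ? "ok" : "REJECT");
	return 0;
}
```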

