Re: Build failures on Ubuntu due to gettext

[Carles Pina i Estany]

Hello,

On Dec/07/2009, Colin Watson wrote:
> Ubuntu's GCC enables -Wformat-security by default. This causes GCC to
> (IMO rightly!) complain about constructs such as this:
> 
>   grub_printf (_("foo"));

I see...
(actually some weeks ago I thought about gettext security implications,
and I thought that if someone can change the .mo files there is some
bigger problem for the user... but I understand the point)

> ... because it's all too easy for a translator to (usually
> accidentally) insert % sequences which would cause printf to behave

(side and non-relevant note: if the translator wants to do some damage on
purpose he doesn't need to play with %s and %d, it's as easy as changing
strings from "Press C to Cancel and D to delete" to something like (in another
language) "Press D to Cancel and C to delete")

> incorrectly. This should instead be:
> 
>   grub_printf ("%s", _("foo"));

I like the general idea but I'm not 100% convinced of the
implementation:

a) It's a bit of false security because it's not fixing the case of file
normal/menu_text.c, line 191 (search the string "Use the %C and %C keys
to") or menu_text.c line 374 (search for "The highlighted entry")
(I agree that it's better than before... but not very solid)

b) How would you translate and handle:
grub_printf (_("Hello %s"), name);

The translator really needs "%s" because in other languages can be "%s
hello" (not the best example but maybe you get the point)

c) I'm thinking to implement grub_printf_ (str). I will send a patch
later to see if everybody likes. Then the call for simple strings would
be:
grub_printf_ ("%s", N_("Hello"));

Not much different from:
grub_printf_ (N_("Hello"));

But it's getting hard to print a string :-)

d) (important, even if it's the last one):
How it prevents mistakes from the current msgfmt checks?
For example, and using the option -c in msgfmt:
#: normal/misc.c:67
#, c-format
msgid "test %s t"
msgstr "test %d test2"

/usr/bin/msgfmt -c --statistics -o po/ca.mo po/ca.po
po/ca.po:1183: format specifications in 'msgid' and 'msgstr' for argument 1 are
not the same
/usr/bin/msgfmt: found 1 fatal error
26 translated messages, 213 untranslated messages.

Using any different number of %X from msgid and msgstr ishalting msgfmt (so, if
msgid contains 1 %s and 2 %d, msgstr has to contain the same)

We are talking from _(" "), I see that -Wformat-security is for "string came
from untrusted input and contains" when .mo are trusted. Are they?

How are other projectes implementing it? Specially the dynamic strings.

> Patch follows. I can't help thinking that this would be easier with a
> grub_puts, but perhaps that isn't worth it given the relatively small
> number of occurrences here?

We could replace grub_puts with grub_printf... or some other idea.

> Also, should the line in notify_execution_failure instead be:
> 
> -  grub_printf (_("Failed to boot default entries.\n"));
> +  grub_printf ("%s\n", _("Failed to boot default entries."));
> 
> ... to get rid of the unsightly \n in this translated string?

I really like that this fix the \n discussion that we had :-)

I like the idea and I understand that it's easy to make mistakes
translating strings. Actually I'm surprised that msgfmt is not giving
any warning if the 

-- 
Carles Pina i Estany
        http://pinux.info