Translated strings with sprintf %-directives

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Translated strings with sprintf %-directives

Bernd Edlinger
Hi Joseph,

I just noticed that translated strings might have different
sprintf arguments than the original message:

$ LANG=de_DE.UTF-8 gcc -v --help|&grep shadow
  -Wintrinsic-shadow          Warnen, wenn eine Benutzer-Prozedur denselben Namen wie ein Intrinsic hat.
  -Wshadow-ivar               Warnen, wenn eine lokale Deklaration von %qE eine Instanzvariable verdeckt.
  -Wshadow                    Warnen, wenn eine Variable eine andere überdeckt. Entspricht -Wshadow=global.
  -Wshadow-compatible-local   Identisch mit -Wshadow=compatible-local. Verwenden Sie daher bitte diese Option.
  -Wshadow-local              Identisch mit -Wshadow=local. Verwenden Sie daher bitte diese Option.
  -Wshadow=compatible-local   Warnen, wenn eine lokale Variable eine andere lokale Variable oder einen Parameter mit gleichem Typ überdeckt.
  -Wshadow=global             Warn when one variable shadows another (globally). ist identisch mit -Wshadow.
  -Wshadow=local              Warnen, wenn eine lokale Variable eine andere lokale Variable oder einen Parameter überdeckt.
  -fasan-shadow-offset=<Zahl> Spezifischen Offset für Schattenspeicher verwenden.

while

$ LANG=C gcc -v --help|&grep shadow
  -Wintrinsic-shadow          Warn if a user-procedure has the same name as an intrinsic.
  -Wshadow-ivar               Warn if a local declaration hides an instance variable.
  -Wshadow                    Warn when one variable shadows another.  Same as -Wshadow=global.
  -Wshadow-compatible-local   Same as -Wshadow=compatible-local.  Use the latter option instead.
  -Wshadow-local              Same as -Wshadow=local.  Use the latter option instead.
  -Wshadow=compatible-local   Warn when one local variable shadows another local variable or parameter of compatible type.
  -Wshadow=global             Warn when one variable shadows another (globally).  Same as -Wshadow.
  -Wshadow=local              Warn when one local variable shadows another local variable or parameter.
  -mshstk                     Enable shadow stack built-in functions from Control-flow Enforcement Technology (CET).
  -fasan-shadow-offset=<number> Use custom shadow memory offset.


so the translated string value of -Wshadow-ivar has a sprintf format directive,
while the original string does not.  In this case it is not used with with sprintf
so nothing happens with the string, but that is probably not always the case.

But I wonder if that would be a kind of a security concern otherwise.

Shouldn't there be an automatic check that the %-directives are given in
the original and the translated message are exactly the same?


Bernd.
Reply | Threaded
Open this post in threaded view
|

Re: Translated strings with sprintf %-directives

Andreas Schwab-2
On Sep 08 2019, Bernd Edlinger <[hidden email]> wrote:

> Shouldn't there be an automatic check that the %-directives are given in
> the original and the translated message are exactly the same?

There is, but only if the original message is marked as a format string
in the first place.

Andreas.

--
Andreas Schwab, [hidden email]
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756  01D3 44D5 214B 8276 4ED5
"And now for something completely different."