[16006] in bugtraq

home help back first fref pref prev next nref lref last post

Re: i18n issues with format bugs

daemon@ATHENA.MIT.EDU (Forrest J. Cavalier III)
Sat Jul 29 15:44:52 2000

Message-Id:  <200007262035.e6QKZDI21743@bean.epix.net>
Date:         Wed, 26 Jul 2000 16:35:14 -0400
Reply-To: "Forrest J. Cavalier III" <mibsoft@epix.net>
From: "Forrest J. Cavalier III" <mibsoft@EPIX.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

Anyone who looked at the I18N problem for more than a minute realizes
that printf-style messages with inlined parameters is a big mess:
There is no clean solution for reordering parameters to fit the
phrase ordering of every human language.

The security implications raised in this thread just add to the
problems.

To eliminate both problems, and get some other benefits, consider
showing parameters separate from the explanation text.

Instead of:

        f = fopen(argv[1],"r");
        if (!f) {
            fprintf(stderr,_("Could not open file %s:%s\n"),
                    argv[1],strerror(errno));
            exit(1);
        }

write it as:
        f = fopen(argv[1],"r");
        if (!f) {
            fprintf(stderr,"%s ",   _("Could not open file."));
            fprintf(stderr,"{%s} ", argv[1]));
            fprintf(stderr,"{%s}\n",strerror(errno));
            exit(1);
        }

Benefits:
   - GCC (or other) can verify that the format-string matches
     the arguments used: it is a constant format string.

     Alternatively, do away with the printf-style function,
     since every call here has exactly 3 arguments.  A wrapper
     function could be written for each parameter type, and that
     will work with any ANSI compiler.  A macro could be used
     to hide some of the details.
          #define ERR_PARMS(s)  (fprintf(stderr," {%s}",(s)))

   - Eases I18N (for the documentation too!)  There is a
     constant text string to translate, not one with embedded
     parameter formatting.

   - The output is easier to process (for humans and machines.)

     For example, it is easier to wrap by TCL, or make a
     post-processor for log files, without resorting to
     advanced regular expressions, or breaking after I18N

Downsides:
   - verbose (although the macro idea helps a lot.)

Forrest J. Cavalier III, Mib Software
   More than 10,000 links to code and the knowledge to use it.
   http://www.rocketaware.com/  Programmer's Webliography
home help back first fref pref prev next nref lref last post