-Werror=format-security and gettext(3)

```
../../opt/lib/csrand.c:70:27: error: format string is not a string literal (potentially insecure) [-Werror,-Wformat-security]
   70 |         fprintf(log_get_logfd(), _("Unable to obtain random bytes.\n"));
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
```

I've been wondering for a long time why we haven't seen errors from this.  Now I've seen them (by manually disabling some optimizations in my system headers).

So, we're leaving the security of the project entirely to translators, it seems?  If a translator were to change a format string to introduce a vulnerability, we might not notice.  I propose having some serious refactor to reduce translations to a minimum, and to put them in the variadic part, not as part of the format string.  So:

```c
fprintf(log_get_logfd(), "%s\n", _(Unable to obtain random bytes"));
```

Or even better:

```c
fprinte(log_get_logfd(), "csrand");
```

Cc: @ikerexxe 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

-Werror=format-security and gettext(3) #1330

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

-Werror=format-security and gettext(3) #1330

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions