Hacker News new | past | comments | ask | show | jobs | submit login
The Roman Mars Mazda Virus (gimletmedia.com)
2 points by mlevental on April 13, 2019 | hide | past | favorite | 3 comments



Executive summary: late model mazda 6 entertainment consoles apparently don't escape text and parse the % in "99% invisible" as ... something. I'd be interested to know what people think this might be.


I think the most likely explanation is that the podcast name is being treated as a printf format string, something they mentioned in the show but erroneously dismissed. "% In" would be parsed as a "%n" directive, which can write arbritrary memory addresses and easily lead to a crash.

http://man7.org/linux/man-pages/man3/printf.3.html

https://en.m.wikipedia.org/wiki/Uncontrolled_format_string





Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: