
It’s just bad code and even worse error handling. The program runs a heartbeat that lets the rest of the car know all is well when things are running smoothly. When the program hangs, the heartbeat stops. When the heartbeat is interrupted for long enough, it’s programmed to reboot. With that in mind, when the owner queues up the podcast the system attempts to decode an unsanitized string (the podcast title) as if it were percent/URL encoded. When it encounters an error because “% I” is not a valid character reference, it hangs.

The worst part is that the car owner was told that a firmware update would “likely” fix it but they would have to pay for it.



This seems like grounds for a class action lawsuit. Owners have been harmed by loss of car function and they are reasonably numerous.


No, it's a format string vulnerability.


Go read this section of the transcript[0]

[0]: https://99percentinvisible.org/episode/the-roman-mars-mazda-....


That section of the transcript is incorrect, despite being from someone who worked on it. It's obviously a printf bug because it only happens with %n with valid modifiers: https://www.reddit.com/r/gimlet/comments/bdxht4/hey_its_ben_...


Despite the fact that he confirmed it’s not C code and despite the fact that the failure case has spaces in it which make it invalid? What am I missing here?


He's wrong, it is getting parsed in C. glibc happens to allow ' ' as a modifier to %n: https://gcc.godbolt.org/z/zaTnjzEY3
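To illustrate the format-string reading argued in the comments above, here is an added example (not code from the thread or from the vendor): a scanner that reports whether a string would contain a `%n` conversion if it were passed to a glibc-style `printf` as the format, next to the safe way to print such a title. The function names are hypothetical, and the flag set assumes glibc's documented flags, including the `I` extension.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if `s`, used as a printf format string, contains a conversion
 * that a glibc-style parser reads as %n, with any flags, width, precision
 * or length modifier in between; returns 0 otherwise. */
int format_has_percent_n(const char *s)
{
    while ((s = strchr(s, '%')) != NULL) {
        s++;                                 /* skip the '%' */
        s += strspn(s, "-+ #0'I");           /* flags; 'I' is a glibc extension */
        s += strspn(s, "0123456789*$");      /* width, incl. positional N$ */
        if (*s == '.')                       /* precision */
            s += 1 + strspn(s + 1, "0123456789*$");
        s += strspn(s, "hlqLjzt");           /* length modifiers */
        if (*s == 'n')
            return 1;                        /* a store through an argument pointer */
        if (*s != '\0')
            s++;                             /* consume the conversion (covers "%%") */
    }
    return 0;
}

/* Hardened form: the untrusted title is data, never the format string.
 * Returns the number of bytes written, as fprintf does. */
int print_title(FILE *out, const char *title)
{
    return fprintf(out, "%s\n", title);
}

int main(void)
{
    /* Constructed sample titles. */
    const char *titles[] = { "99% Invisible", "99% Visible", "100%% n", "plain" };
    for (size_t i = 0; i < sizeof titles / sizeof titles[0]; i++) {
        printf("%d  ", format_has_percent_n(titles[i]));
        print_title(stdout, titles[i]);
    }
    return 0;
}
```

In "99% Invisible" the space and `I` are consumed as flags, leaving `n` as the conversion, while "99% Visible" stops at `V` and is not flagged.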



