Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jmgao
on Feb 9, 2022
|
parent
|
context
|
favorite
| on:
Thousands of Mazdas in the Seattle area are stuck ...
No, it's a format string vulnerability.
CSSer
on Feb 9, 2022
[–]
Go read this section of the transcript[0]
[0]:
https://99percentinvisible.org/episode/the-roman-mars-mazda-...
.
jmgao
on Feb 9, 2022
|
parent
[–]
That section of the transcript is incorrect, despite being from someone who worked on it. It's obviously a printf bug because it only happens with %n with valid modifiers:
https://www.reddit.com/r/gimlet/comments/bdxht4/hey_its_ben_...
CSSer
on Feb 10, 2022
|
root
|
parent
[–]
Despite the fact that he confirmed it’s not C code and despite the fact that the failure case has spaces in it which make it invalid? What am I missing here?
jmgao
on Feb 10, 2022
|
root
|
parent
[–]
He's wrong, it is getting parsed in C. glibc happens to allow ' ' as a modifier to %n:
https://gcc.godbolt.org/z/zaTnjzEY3
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
