Slashdot Mirror
Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac
An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it’s worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That’s not exactly good news given that this is the latest release of Apple’s operating system, which an increasing number of Mac users are switching to. ... A closer look shows the bug is inside Data Detectors, a feature that lets apps recognize dates, locations, and contact data, making it easy for you to save this information in your address book and calendar."
C-strings strike again.
You're doing it wrong.
no big deal.
Steve
BRB, heading down to the Apple Store...
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
- An obscure library bug triggered by a magic string.
- In the latest version.
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Tried this in every app I could think of and have had no issues (TextEdit, Komodo, iCal, Eclipse, Libra Office, Chrome, FireFox). Not calling shenanigans, but a specific example would be nice.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
No one should ever need to type file:///
There are no bugs. You're doing it wrong
Sounds like a disaster to me.
I tried it for myself with Google Chrome and Firefox and File:/// does crash the software. Very interesting!
THe only difference between a crash and an exploit is one has control when the app leaves the bounds of its ram addresses. Since MacOSX apps have access to file:/// in strings that can leave the control of the app then logic would dictate someone could do a file://sh grep -i .../etc/host cp malware.BAD .../etc/host or something stupid.
I do not own a mac so I do not know. Maybe another slashdoter who owns one who is more intuned with where critical files and services are can try to do execute something with it?
Either way this is not good at all and poor exception handling of some of the string apis.
http://saveie6.com/
didn't kill chrome, didn't kill finder, didn't kill iTunes
What am I doing wrong?
I've tested it in several native apps, (Reminders, Textedit, Preview) and in Adobe Acrobat Pro 9.
Find a text input field, even in preferences and it crashes. Bizarre!
OSX 10.8.2
Build 12C3103
It seems like a harmless bug, rarely would a Mac user have to type File:///
(wait, I typed File:/// and it did not crash Firefox).
Talk about over-egging the pudding. You're talking as if it's a fundamental flaw that ruins the whole operating system. It's a bug. Of course it's not good news, but it's not certain doom for Mountain Lion either.
Bogtha Bogtha Bogtha
Landon Fuller has posted a gist on GitHub with an explanation of the bug and a binary patch to the affected library.
This sig is umop apisdn.
Thoroughly current Mountain Lion on a Macbook Pro here. When I enter "file:///" into apps, I get directory listings, not crashes.
-- Slashdot: When Public Access TV Says "No"
Running OS X 10.8.2 here, and I tried it in TextEdit, Mail, and Safari.. no crash.
"To make a mistake is only human; to persist in a mistake is idiotic." Cicero
http://kleinschmidt.wordpress.com/2006/07/03/i-cannot-be-played-on-record-player-x/
We have some text files from a Unix system named aux.something Trying to copy them or open them in Windows causes the whole system to grind to a halt.
----------------------------------- My Other Sig Is Hilarious -----------------------------------
About 3 or 4 years ago it was possible to crash recipient's (iChat or radium, don't remember) IM app by sending Abort, Retry, or Fail? In an IM to someone that had text to speech enabled. Used to have fun with our manager. :)
Confirmed personally. OSX 10.8.2, 2011 mac mini. Entered the text into the search box in finder, crashed. It recovered fully in about 30 seconds though.
Good-bye
This is the stack trace mentioned in the article:
http://pastebin.com/UkhERvaA
Doesn't look like a c-string or printf issue to me at all.
There's no -1 for "I don't get it."
Tried it, capitals and all, no crash
"Where is my mind?"
I tried this in Safari on Lion. Capital F required, but indeed just "File:/// " crashes it.
Then you get a pop-up asking if you want to report the problem to Apple? Sure.
But then that crashes with a pop-up reporting that crash reporter has crashed. Bonus!
"Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
You used to be able to BSOD a Windows 95 or 98 machine by trying to read C:\con\con, and this included any web pages that requested file://C:/con/con.
No one should ever need to type file:///
There are no bugs. You're doing it wrong
Yes, they are doing it wrong, by typing file:/// in lowercase, or not typing it at all. So the obvious question is: "how can I type it right for them?" If I include "File:///" in an email I send to a Mountain Lion user, will it crash his Mail.app? Or if someone quotes it in a reply here?
That could become a cool little meme.
I searched in the Finder (iMac running 10.8.2) and got nothing strange. I tried Chrome, Firefox, Safari, Mail, a few text editors ... nothing. Sorry.
didn't some thing like @sony crash mac os 6?
Just crashed my Safari - and now it won't reopen! It crashed my Internet! Help!!!
Cannot replicate in any app in linux.
If this is an assert as it appears to be, my question is, why is it in shipping code. Normally asserts are controlled by the NDEBUG symbol (or equivalent) which is undefined in optimized builds. In my opinion asserts should not be in shipping code. You should have something more solid in place.
It's encouraging that such a minor obscure bug makes a supposedly newsworthy article. That's progress. Back in the day almost anything could crash a Mac (or any other PC), including just leaving it on for a sufficiently long period, so the fact that a crash of this type makes news today shows how much progress we've made.
Ok, I didn't believe this, I thought it might be a hoax so I wanted to try this and typed it into a file in the TextEdit.app, and it crashed the TextEdit.app completely!!!!! I had a 10 page paper that I was writing in there opened and it hadn't failed yet. The paper is due tomorrow!! is there a way to sue apple for damages over this?!!?!!!!??
Good way to restart Spotlight :)
Holy. Shit. We better add the Mac keyboard to the list of assault weapons quickly. They need to vote on banning those commandQ tactical strike weapons immediately.
Clearly Apple has been invaded by terrorists and we need 3 trillion dollars for the new iTSA branch.
Apple store employees will be trained by Navy SEALs and heavily armed. Those found executing any CLI in any Apple store will be deemed a terrorist threat and will be shot on sight.
Vote to rai...er, eliminate the debt ceiling in the name of terrorism.
Oh, and while we're at it, we're going to put all pot smokers on death row for their atrocious crimes against humanity to justify the War on Drugs.
(sad part is actual policy is passed with far more lunacy than this weak-ass example.)
Mehhh... if you're capitolizing the `f' in `file://' then you argueably deserve to have your .app crash... think of it as pavlovian negative feedback. We can all agree on this, you atleast should get some kind of punishment,,, agreed?
BTW I don't own any mac products at this time, so please don't call me one of those apple-user relate vile utterances (i.a., `mac fanboi'). tyvm
They're responsible for every computer fuck up now
Orange Monkey Eagle
http://roosterteeth.com/archive/?id=4600&v=more
it's a feature and I'm just holding it wrong... got it
Just does nothing at all when clicked on, but that's not really a surprise since data detectors are not involved at that point. It's just rendering HTML so there's nothing to detect, the spec already says what it is and what it does.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Go F yourself if you can't be F'd to read and notice the F'ing capitalization, you motherF'ing F'ers.
Well, so much for the quality of Apple software compared to Microsoft. MSOffice 2011 handles this string perfectly. Every piece of Apple software goes down in flames. Word makes it into a link, Excel and Power Point treat it as text, I didn't pay for Outlook so I don't know about it handles this string.
If you're like me and send feedback to Apple when things go sideways, you can't on this. The Crash brings down the error reporting function "Problem Reporter". As soon as you click into the text field to describe the error it crashes too. Please note from my log:
2/2/13 8:43:18.001 PM Problem Reporter[517]: assertion on /SourceCache/DataDetectorsCore/DataDetectorsCore-269.1/Sources/PushDown/DDResultExtraction.c:1576 "CFStringHasPrefix(urlVal, CFSTR("file://"))" failed :wrong extraction: File:///
2/2/13 8:43:18.001 PM Problem Reporter[517]: wrong extraction: File:///
2/2/13 8:43:18.001 PM Problem Reporter[517]: An uncaught exception was raised
2/2/13 8:43:18.002 PM Problem Reporter[517]: condition "wrong extraction: File:///"
2/2/13 8:43:18.003 PM Problem Reporter[517]: (
I love the last line, is that open parenthesis supposed to be there all alone like that? This is a horrendous bug.
I noted that MSOffice seems to be immune. MS still uses Carbon instead of Coca as their framework. Is this a case of the old ways are still the best ways? Or is this an other case of Apple needs to improve their Quality Assurance.
Adam Engst of Tidbits has an article up on the Tidbits site on a Pages 4.3 bug that nearly prevented him from publishing his Take Control ebook on iTunes 11.
Why can't Apple stop using these hokey names for their software versions after release? There is no means of knowing what version it is, and it requires out-of-band knowledge of the most useless type. "About this Mac" quotes the grown-up version number. The names are 100% pure loss
tone
This is apple we are talking about. Somehow this is a feature...
On Mac OS X 10.6.9, 'File:///' input to Safari directs to the volumes.
To my understanding Mac OS X 10.7 and later have attempted removal of the net BSD and other UNIX traits of Mac OS X.
That was the principal reason I have not upgraded nor bought a new Mac (Pro or Desktop or Mini).
Alas, I would say that it is the UNIX traits of Mac OS X that made it the winner in the 2000s. Now, Apple Computer has
morphed into Apple Inc. and have determined UNIX, which brought them back from the grave, NOT Steven P. Jobs, is
excommunicated.
This is now the reason for their fall in stock price and failure, as a company, as human beings.
When Apple Inc. stock price craters at $50, kiss good by their 'Star Ship' Headquarters.
No money to pay for it !
XD
Since I haven't upgraded thanks to Apple's removal of scroll arrows, I can still type "File:///" on my Mac all I want. However, I can't imagine why I would want to.
It would be funnier if merely RENDERING "File:///" would crash the Mac.
After trying this in every app I could think of, and failing to crash them, it turns out that this is case sensitive.
Some dude has done a more detailed analysis over on github but the long and short of it is that there is a specific check in the code for 'file://' and any other case will cause it to crash. All caps - crash. Capital F and the rest in lower-case - crash. All lower-case and a capital L - crash.
Specialist Mac support for creative pros, Melbourne
I found a similar bug in windows. When I type alt-F4 it crashes my programs.
Aquamacs does not seem to understand what the slave process know as "OSX" is on about in this case.
Probably not important.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Crashes Chrome when I type file:/// into the address bar. But does not crash Safari. Strange right?
Webkit?
It appears that this has something to do with URL validation for automatic hyperlinking in text fields. I am assuming that it does some sort of procedure that causes File:///[no carrier]
Sig: I stole this sig.
Block java.
Doesn't crash Terminal though. Is there any significance to that?
Wonder what would happen if someone tried to make that their password.
Every single application I have open didn't crash.
Excel
Pages
Chrome
FireFox
Safari
Terminal
iTunes
Omnigraffle Pro
Activity Monitor
Keychain
Preview
"Doctor, it hurts when I do this... Can you help me?"
"Sure, don't to that."
I'm going to give some free advice to users of Apple's OSX Mountain Lion: Don't do that.
You are welcome on my lawn.
It's a commented assembly listing with a proposed hacky fix in assembly.
It is a uppercare/lowercase problem. They test for file:// exception by making a lower case comparison, which means File:/// FILE:/// fILE:// etc. all slip through, which causes a different type of object to get returns to programs which don't except it.
I wonder if it's an even more insidious problem, such as a compiler bug where the assert() isn't checked, but the expression being asserted is evaluated anyways. *That* would be insidious, since the (good) practice of making the assert() calls not go off would work to *actively hide the problem*!
I call a feature. Another option to Force Quit is great!
You did realize that a link does NOTHING because it's a bug in auto-detect code, right? I mean a link you post doesn't need to be detected, because it's a link... so clicking on your link on a Mac does NOTHING WHATSOEVER.
What a doofus.
Now, to use some JavaScript or HTTP Redirects to auto-load that URL, and have some REAL fun.
Which would have the same effect... I'm not sure why you get your jollies out of posting links that are inoperable, you may as well be posting text marked-up to have underlines.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
My fix is much simpler, to never type in a string I have never typed before for any reason anyway.
I mean, honestly - who capitalizes a URL scheme anyway? A C# developer? Madness.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
So what company was it that got the BEST developers from FreeBSD? Oh, never mind that company won't be around much longer anyways.
It just works...
I thought everyone knew File:/// is the new Command-Q
I wonder if automatic quoting of a message on an online message board could cause a crash of the web browser ...
Many message boards, although not Slashdot, has quoting of the previous message enabled by default when you click the [Reply] button. That would copy the previous post into a text field, which would trigger the bug, apparently.
Then all a MacOS/Mountain Lion user would have to do to crash his web browser on those message boards would be to hit the Reply button to the wrong post.
I expect File:/// trolling to explode on message boards in the next few days ...
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
" Crashing is not dealing with the error." - by Darinbob (1142669) on Saturday February 02, @09:54PM (#42775199)
See my subject-line above, & this -> http://apple.slashdot.org/comments.pl?sid=3429511&cid=42776753
Mainly since I provide an example in code per your statement...
* :)
(Total agreement here with your sentiments, & that's how I deal with that @ times (on the override of std. err-handling by compiler structured error handling)).
APK
P.S.=> It works, & apps don't "fall on their face" plus, letting the user 'recover', as well as the app itself, gracefully MINUS "crashing", too (At times, I even pipe std. errs from compiler structured error handling to a log, & give the user a 'friendlier message' to contact sysadmins or developers with)
For the user: By making sure controls they used re-enable as well (since I disable them, & especially IF/WHEN they're spawning multiple threads to avoid race conditions & such) & issuing them a message they can understand better, if not warn them to contact devs/admins in that instance also (who get the actual errlog with the more 'complex' message from structured error handling)...
... apk
Apple, patent this!!! Patent this bug quickly!!!
It turns out that some programs (e.g. Unison, a usenet reader) will crash if they try to display a document containing the string. Quite possibly more will turn up - they'll be programs that try to recognise URLs and display them as a link.
If you are into exponential tech and futuristic tech check out my blog. Heres one on synthetic meat. http://mikecole858.blogspot.com/2013/02/fake-meatits-whats-for-dinner.html?m=1
Everyone's making fun of this, but this really is appalling. Apple has had nothing but trouble since Steve Jobs died. Just as people predicted. It shows that modern OS's are so bloated that it is impossible to remove all bugs. OS X and Windows 8 probably contain other similar bugs, but we just haven't found them. I would like to believe that bug-free code is possible. Perhaps Apple need to change their programming paradigms. If you want true security you need to greatly minimize your operating system and compartmentalise its tasks, so that it can be exhaustively bug-checked. Adding "features" to an operating system simply creates new security holes. We laugh at the Space Shuttle for running on 386's, and there's a bank here that still runs its terminals on OS/2, but there are applications for which code reliability is absolutely paramount. Think of space probes, nuclear weapons, pacemakers... Richard
Is it possible to change your login name to: File:/// ? If so what happens?
Yeah, right. As if I'm going to crash my Mac by simply typing File://
It's an odd bug, but how many people are really going to be using this command on a Mac? Let's rephrase that: how many people actually know of this command, Windows or Mac users? I have probably used this command maybe a half dozen times in probably 10 years, and that is because Explorer or something has hard locked on me, and killing and restarting the process doesn't work, and I need to save or copy or move something before I reboot.
Now I will grant that I know many more geeks and nerds on Macs now than even 5 years ago, so I am not going to make the joke that "no Mac user would use this". I am just wondering how many people this really effects, and even those users who know about the command, how many would know that it was broken if not for this article.
I tested this on my Mac running Mountain Lion. I tested with Safari, BBEdit, and Mathematica. NO CRASH. something else is going on here.
Why would you be typing "file" anything in Mac OSX? Trying to relive your old DOS days?
Bunch of weirdos....
Mumble mumble mum....
Apparently this is a fault with autocorrect, which is enabled-system wide. If you disable it the bug doesn't work anymore.
Does it make you happy you're so strange?
It not only crashed Safari, but also crashed the bug report when I typed what I did to cause the crash!
This is fun!
Just a dude. Stuck in IT.
I find it hard to believe such an error exists, but I tested it on my MacBook Pro by typing it into Safari "File->OpenLocation" and sure enough it a bended Safari just like that. I said, "Dad, it hurts when I do this...", he said, "Don't do that". Given that this is now a known and discussed , it is very surprising that it has not been fixed right away by a software update. It does not take admin privileges to try to open a file by that name. Now all it seems to do is crash a single App, like Safari, but what if this was fed to a system process such that it cripples the OS if it crashes?
http://xkcd.com/1163/
(Referring to the image title tag.)
Tried this on my ML Mac and it only crashes TextEdit, not "almost every application".
I hate this false blanket statement that is commonly used to defend shitty software. All software does NOT have bugs! If all software had bugs, no software would act as designed and no software would function correctly; Computer use would be virtually inpossible. A more correct statement would be "As complexity in software increases, so does the propability of bugs."
Don't go like that then.
(1.21 gigawatts) / (88 miles per hour) = 30 757 874 newtons
There have always been problems like this and I always think they're hilarious. In old versions of Windows you could click Start -> Run -> and type con/con. Hit enter and the system would blue screen
Wouldn't it be great IF you knew how to do things like this -> http://apple.slashdot.org/comments.pl?sid=3429511&cid=42776753
So you too could actually contribute AND be on topic instead of being a troll like yourself that actually has a "registered 'luser'" account but is trolling me by ac posts all thru your posting history for weeks now -> http://slashdot.org/~Sardaukar86 ?
Butthurt fanboy detected.