Slashdot Mirror

← Back to Stories (view on slashdot.org)

Typing These 8 Characters Will Crash Almost Any App On Your Mountain Lion Mac

Posted by Soulskill on from the break-different dept.

An anonymous reader writes "All software has bugs, but this one is a particularly odd one. If you type "File:///" (no quotes) into almost any app on your Mac, it will crash. The discovery was made recently and a bug report was posted to Open Radar. First off, it’s worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. That’s not exactly good news given that this is the latest release of Apple’s operating system, which an increasing number of Mac users are switching to. ... A closer look shows the bug is inside Data Detectors, a feature that lets apps recognize dates, locations, and contact data, making it easy for you to save this information in your address book and calendar."

84 of 425 comments (clear)

  1. printf by Sigvatr · · Score: 2, Funny

    C-strings strike again.

    1. Re:printf by Anonymous Coward · · Score: 5, Informative

      Not likely. It crashes due to an assertion failure and subsequent exception being thrown.

    2. Re:printf by Anonymous Coward · · Score: 5, Funny

      Here speaketh the Apple fan. No matter what... it's a good thing.

    3. Re:printf by Anonymous Coward · · Score: 5, Insightful

      as a programmer myself, when coding something and a harmless and not completely unexpected input occurs, your program shouldn't crash, due to any reason, asserts included. Such a failure is sign of nothing but lazy programming and even lazier unit testing.

    4. Re:printf by Anonymous Coward · · Score: 3, Insightful

      When you detect that your program is in an inconsistent state, is it better to continue executing, possibly corrupting data and granting an attacker access to your system, rather than aborting the program and providing a stack trace to help diagnose why things went wrong?

    5. Re:printf by TheRealMindChild · · Score: 2

      Exceptions should be exceptional. A bad string isn't exceptional

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    6. Re:printf by Dahamma · · Score: 4, Insightful

      No, it's better to return an error or thrown an exception rather than assert when the input to a function is perfectly reasonable but not what you expect.

      And, in the end, who knows. Maybe it was the caller aborting by not handling the error/exception. In which case it's STILL bad coding by someone, as this is not an exceptional case...

    7. Re:printf by EvanED · · Score: 5, Insightful

      Yes, input validation is usually a good thing and no amount of you hating Apple Inc is going to change that.

      That's true. But a crash is not the way to handle invalid input.

    8. Re:printf by Savage-Rabbit · · Score: 5, Informative

      I have also had the impression that assert() is a hack that shouldn't be used much (?).


      $ man assert

      NAME
                assert -- expression verification macro

      SYNOPSIS
                #include

                assert(expression);

      DESCRIPTION
                The assert() macro tests the given expression and if it is false, the
                calling process is terminated. A diagnostic message is written to stderr
                and the abort(3) function is called, effectively terminating the program.

                If expression is true, the assert() macro does nothing.

                The assert() macro may be removed at compile time with the cc(1) option
                -DNDEBUG.

      Somebody forgot to remove some debugging code, embarrassing but hardly something that hasn't happened before and definitely not the end of the world as we know it.

      --
      Only to idiots, are orders laws.
      -- Henning von Tresckow
    9. Re:printf by fyngyrz · · Score: 4, Insightful

      C-strings strike again.

      Nope. Lousy programmers strike again. There's nothing at all wrong with c-strings. There is, however, a sufficiency of lousy programmers who lack the skill to handle perfectly simple data structures. Seriously, if you can't handle a zero terminated string or keep from overrunning an array, it's not the string format that's the problem. It's you.

      Assuming the problem here is a string problem may be jumping the gun, too. Could just as easily be something else.

      --
      I've fallen off your lawn, and I can't get up.
    10. Re:printf by Anonymous Coward · · Score: 3, Informative

      I agree with you, you couldn't abort on bad input.

      However, based on my interpetation of what is happening, this isn't what is happening. My expecation is as follows:

      The user types something in an address bar.

      That string is passed to hypothetical function 'process_uri'.

      'process_uri' sees that it is a file uri, and passes it to the hypothetical function 'process_file_uri'.

      'process_file_url' sees that it wasn't given a file uri, and aborts.

      The problem ISN'T that the use gave bad input. If process_uri was given a URI it didn't recognize, it would have generated a proper error and not called anything. If process_file_url was given a path to a file that didn't exist, it too would have generated a proper error. The problem IS that process_uri and process_file_uri have different expectations on what constitutes a proper file uri.

    11. Re:printf by Anonymous Coward · · Score: 3, Informative

      Not likely. It crashes due to an assertion failure and subsequent exception being thrown.

      Yeah. Data Detectors on Macs is just like Semantic Desktop on KDE. When I make a fresh install of the OS, disabling these pesky little "features" is one of the first things I do. I'm glad somebody somewhere out there finds them useful but I definitely don't.

    12. Re:printf by Anonymous Coward · · Score: 5, Informative

      as a programmer myself, when coding something and a harmless and not completely unexpected input occurs, your program shouldn't crash, due to any reason, asserts included. Such a failure is sign of nothing but lazy programming and even lazier unit testing.

      Sorry, but you are wrong.

      By the time you fail an assertion, you better crash because you're not supposed to be there. The code in FRONT of the assertion is supposed to prevent that.

      Assertions go between the input checking front, and the sane input needing rear. Their only purpose in life is to prevent an unknown state in the rear guts, not to do what should have been done up front.

    13. Re:printf by matunos · · Score: 4, Informative

      And yet, unchecked input is the root of almost all software vulnerabilities

    14. Re:printf by AuMatar · · Score: 2, Insightful

      Totally and completely fucking wrong. A well written program should not crash for any reason. It should alert the user and allow new input or fail gracefully, not suddenly crash. Asserts should always be compiled out in release code, and cause premature return from the function with an error code or reasonable default, it should NEVER crash on release.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    15. Re:printf by Jorl17 · · Score: 4, Insightful

      This is not input checking. Input checking is checking the input for validity and acting accordingly. This is an assert, which is usually used as a way for programmers to make sure they didn't fuck up. If it is triggered, then the programmer fucked up. That's how it's supposed to be used.

      Hence, the programmer fucked up, and this isn't input checking. It is nevertheless, IMO; a good practice to assert things (in debug code), but it also isn't checking for valid inputs, it's checking for programmer stupidity.

      --
      Have you heard about SoylentNews?
    16. Re:printf by Obfuscant · · Score: 4, Informative

      A bad string isn't exceptional

      Especially when the interpretation of that "bad string" is supposed to be CASE INSENSITIVE and the "exception" occurs because one character is upper case.

      URI are defined here, and the part that deals with the "file:" or "http:" part (called the "scheme") says this:

      3.1. Scheme ...

      Scheme names consist of a sequence of characters beginning with a letter and followed by any combination of letters, digits, plus ("+"), period ("."), or hyphen ("-"). Although schemes are case- insensitive, the canonical form is lowercase and documents that specify schemes must do so with lowercase letters. An implementation should accept uppercase letters as equivalent to lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the sake of robustness but should only produce lowercase scheme names for consistency.

      Emphasis mine.

      This is a case of a programmer implementing a feature defined in a standard and ignoring the standard when doing so. Not lazy, just ignorant and stupid. Just like the ignorant stupid programmers who write javascript email address verifiers that refuse to accept valid email addresses because they contain characters like '+'. Those programmers should be shot.

    17. Re:printf by Darinbob · · Score: 2

      Check the input, then deal with the error. Crashing is not dealing with the error. Assert should be used for "should never happen" cases, like pre/post-conditions.

    18. Re:printf by Darinbob · · Score: 4, Insightful

      To the user, there is no difference between crashing due to an assert or crashing due to following some strange pointer. Now the assert may give the developer more information to work with to fix the bug, but it should always be considered a major failing if a user ever sees it.

    19. Re:printf by matunos · · Score: 2

      assert should be compiled away in production code. :-)

    20. Re:printf by Darinbob · · Score: 3

      Well, yes, but the last three jobs we've had to leave them in...

    21. Re:printf by TheRealMindChild · · Score: 2

      The point of assert is to set a breakpoint to go to during unit testing

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    22. Re:printf by shutdown+-p+now · · Score: 5, Insightful

      assert() isn't really "debugging code". It's more of a sanity check - as the name implies, it's a macro that checks that expression is indeed true, where the standing assumption on this particular code path is that it must be true. If it's not true, then there's a logic bug somewhere in the program, and that may lead to data corruption or worse. So liberally sprinkling asserts around and leaving them in release builds actually helps - it's far better to fast-fail than to continue running the process in a potentially corrupted state, from security perspective.

      Of course, the assert shouldn't be triggered in the first place - the fact that they somehow got into this state is itself a bug, which they should fix. Still, kudos to Apple folk for handling this one in a manner that makes it useless for an exploit.

    23. Re:printf by shutdown+-p+now · · Score: 5, Insightful

      A perfect program should not crash for any reason - but very few programs of any considerable size are perfect. And even well-written software has bugs.

      Asserts are meant to indicate that the condition should always be true on this particular code path - that's why it's called an "assert". It's not a tool to check for exceptional conditions and gracefully handle them - you have conditional statements (and exception handling, if the language supports that) for those purposes. You use assert after you have used a conditional to fork off onto a code path to assert that all the implied conditions are, indeed, true. If the conditions are not true, it indicates a bug in the logic of the program - the assumption was not correct. There is no way to gracefully handle that, because you don't know where exactly the problem is, and therefore you can no longer rely on the state of your process being correct. If you hit an assert, it means that some objects you thought to be alive are now dead, and you might have dangling pointers around. Or maybe some variables that you think have correct values in them have something outdated and completely irrelevant. Either way, if you keep running, you risk integer and buffer overflows - and from there, execution of arbitrary injected code. From security perspective, this is the worst scenario you can end up with, especially for an application facing the network or processing external inputs from the network. Fast-fail (i.e. consistently crashing right away) is much preferable to that, even if it inconveniences the user.

    24. Re:printf by Jorl17 · · Score: 2

      You're right, the performance difference is negligible. I guess it's just a habit I've developed, though when I come to think of it, it really makes some sense to leave that in release code. OTOH, it might reveal what you expect a function to do more easily, thus facilitating reverse-engineering if one is afraid of that.

      --
      Have you heard about SoylentNews?
    25. Re:printf by gargleblast · · Score: 2

      as a programmer myself, when coding something and a harmless and not completely unexpected input occurs, your program shouldn't crash, due to any reason, asserts included. Such a failure is sign of nothing but lazy programming and even lazier unit testing.

      Whoa there!

      1. Don't worry about the harmless. WORRY about the HARMFUL
      2. Don't worry about the "not completely unexpected". That is, of course, the expected. WORRY about the UNEXPECTED
      3. "your program shouldn't crash" ... thank you Capt'n Obvious. Now quick: think of three things a program can do that are worse than crashing.

      Bzzzt. Time's up. Did you get: (1) Have exploitable security flaws; (2) Corrupt or delete data; (3) Hang or livelock. There are others.

      Cheers.

    26. Re:printf by shutdown+-p+now · · Score: 2

      I think I'd worry about security (think dangling pointers and integer/buffer overflows in case your data isn't in a state you expect it to be) before worrying about ease of reverse engineering in pretty much every scenario I can think of. In the end, if someone really cares that much about my code, they will reverse engineer it one way or another - by tracing all the way through the assembly, if necessary. Weaker security, on the other hand, means potential problems for users of my code - i.e. my employer's customers. When you have a lot of customers, that can add up to a major snafu real quick - not to mention the moral responsibility.

    27. Re:printf by Bomazi · · Score: 5, Informative

      You don't understand what assert() is for.

      It doesn't cause a crash. Quite the opposite. It is a way of deliberately causing program termination upon encountering an internal inconsistency; precisely so as to avoid a crash, a silent failure or some other undesirable behavior.

      Obviously, in a bug-free program, assert() would never trigger and is therefore unnecessary. In the real world it is a useful safety net.

      Note that assert() is sometimes used to catch runtime errors. That is indeed inappropriate. But you shouldn't condemn the tool because it is sometimes used incorrectly.

    28. Re:printf by AuMatar · · Score: 2

      You can remove asserts because your program is NEVER supposed to rely on them. The following code:

      assert(foo!=null); //do something

      is WRONG. Because it depends on the assert. The correct way to code it is

      if(foo == null){
              assert(false);
              return some_error_value;
      } //do something

      Crashing is NEVER acceptable. And you cannot assume its ever an option in a production system- when you crash cleanup code is not necessarily run, and you can leave the system in an unrecoverable state. Fucking amateur.

      --
      I still have more fans than freaks. WTF is wrong with you people?
    29. Re:printf by Macman408 · · Score: 4, Informative

      I used to think the same way about kernel panics in an operating system - I thought there was no reason why the system should ever halt. And then I had an OS class, where it was pointed out that halting is a quite valid choice when encountering an error condition that indicates that something has gone fundamentally wrong. For example, if you have an allocation bitmap that tells you what parts of your disk is in use, and what parts are free, it has a checksum, and the checksum is incorrect. It may very well be that the safest thing to do in this case is halt, rather than risk a write making it to the disk and overwriting a block that is in use. The user can reboot, and that will probably be the best way to recover from the error. It might be possible to display an error message, however since the code to display such a message is not often used, it's likely still on the disk (it was either never loaded, or was loaded and then swapped out of RAM). So you might think it's safe to try to read the disk still - but you have to set some state somewhere saying that under no circumstances should you write anything while you try to load this code. But what's to say that whatever state you set is working? Obviously something is broken, your checksum was wrong! And for that matter, if you need to swap something else out to load this new code in, you can't, because you've decided that writes are now unsafe. For that matter, maybe the disk is acting up - maybe it'll interpret a read command as a write, or take some other completely bogus action. Or maybe what you think is your memory-mapped disk is now really the network card, because some CPU configuration registers picked up a bad value. Bottom line; there are definitely good reasons to just stop a program, OS, or whatever when you detect an error that should never happen.

      That said, this case is not one of those good reasons.

    30. Re:printf by BasilBrush · · Score: 4, Insightful

      I have also had the impression that assert() is a hack that shouldn't be used much (?).

      It should be used rather a lot. Every time you believe you know something will always be true, but might break if it wasn't, you should put an assert there.

      There's no point putting an IF there, because you can't forsee the case where it will be taken. Likewise an exception - exceptions are for foreseen error states. And ignoring it will result in a harder to find bug if that belief is ever wrong.

      It's pretty rare when the bug exists in the assert, rather than the main code. Rarer still when it's an assert that is active in release builds. This is one of those cases. But it doesn't mean that asserts are a bad thing.

    31. Re:printf by rve · · Score: 2

      I have also had the impression that assert() is a hack that shouldn't be used much (?).

      It's a hack that should be used extensively - in development code. In the production build, you generally turn on a compiler flag that prevents asserts from being compiled. This is why it's absolutely criminal to put code in an assert that has any side effects whatsoever.

    32. Re:printf by BasilBrush · · Score: 2

      That's only one of it's purposes.

      It's general purpose is to give physical form to assumptions in the program itself. It both assures that the assumption *is* always correct past that point, and it documents it.

      A novice programmer might say, don't make assumptions. But real programmers make reasonable assumptions all the time. For example if you've just written code to calculate an count, and that calculation can't make a number that's zero or less, then that's a valid assert.

    33. Re:printf by BasilBrush · · Score: 5, Informative

      Then instead of an assert you should have a return error (or throw exception) statement.

      No. Those can only ever be for foreseen error states. If they are not foreseen, then they are no documentable, and therefore the calling code can take no sensible action to react to the error or exception.

      An assert is a documentation of something that's always true and will never fail. If it fails, that's a bug, and there's no graceful handling of bugs - if you could foresee them, you would have already fixed them.

      The question is whether to only have them in debug builds or whether to have them in release builds too. Contrary to your ASSERTION, asserts aren't necessarily compiled out of release builds. The answer is they go in release builds too if the worst case scenario is data corruption from continuing in an unpredictable state.

      None of this is in Programming 101. This is stuff you learn when you've been programming a long time.

    34. Re:printf by BasilBrush · · Score: 2

      Have you heard of Code Complete? If you're a programmer, you probably should have read it. You should probably have a copy in your bookcase. Go read what it has to say in it's section on Assertions before you post any more ill-informed comments on this thread.

    35. Re:printf by Hal_Porter · · Score: 5, Funny

      I like C, but the problem is that most programmers cause chaos when they write it. C was always meant as a language that people who like assembler will like and use and be more productive. It was not meant as a language that today's script monkeys should use.

      Also Objective C was designed according to the prinicples of Objectivism - i.e. the code of the looters and moochers would crash and burn and bankrupt their companies whereas the code of Great Men would navigate the formidable obstacles of pointers and demonstrate their status as Nietzschean Ubermenschen and be rewarded with tonnes of cash and Patricia Neal, so this is not really surprising.

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    36. Re:printf by shutdown+-p+now · · Score: 2

      This is terminated because the program did not expect to see an URI with such capitalization, and (presumably) doesn't have code to handle it correctly - leading to an unexpected state where you can no longer be certain of the data. It indicates a bug (they forgot to handle different capitalization correctly, and they forgot to do proper user input validation), yes. But the way it handles that program bug, until such time as it's fixed, is absolutely correct.

    37. Re:printf by shutdown+-p+now · · Score: 4, Insightful

      In your release build, it should never be hit. But unless you can absolutely guarantee it, leave it there. You will make mistakes, and it's better to handle them in a safer manner.

      If it's hit, your program is in a state that you have not foreseen when writing it. If you're using assert for its intended purpose, then you're claiming: "I expect this condition to always be true here; the following code is written with this assumption in mind". If the condition is somehow not true, then the following code is a bug/exploit farm, and should not be allowed to run. You might also want to phone home, yes (though e.g. on Windows, WER will do it for you if you register for it). You definitely don't want to do nothing.

    38. Re:printf by Jappus · · Score: 4, Insightful

      Based on what you said, the summary title is incorrect. The programs aren't crashing, but rather are ending normally, just not when the user thinks they're telling it to.

      It is easy to argue that while this is technically a "normal" shutdown given the code of the program; it is certainly not a normal shutdown given the task and role of the program.

      You know: Letter of the law versus spirit of the law.

      Your program can only execute the letter of the law (its code), but its true purpose should always be the spirit (its intended role). Otherwise, any bug inside the program would need to be considered as a "normal program exit", as the bug is an inevitable result of its code. Since that is obviously not the case:

      This assert being thrown IS a bug, and the subsequent application exit not a normal shutdown. There is nothing to defend here as being "good".

    39. Re:printf by SanitaryFather · · Score: 2

      Cool! Great way to restart apps, no more clicking those pesky little x's.

  2. Apple's response by Anonymous Coward · · Score: 5, Funny

    You're doing it wrong.

    no big deal.

    Steve

    1. Re:Apple's response by girlintraining · · Score: 4, Funny

      Steve is in the iCloud now. Someone tried turning him off and then back on again. In an appeal to hipsters, he's gone underground to sell more macs. He is permanently 404. There is no way he could have had anything to say about this. There is no app for that. Get it? :P

      --
      #fuckbeta #iamslashdot #dicemustdie
    2. Re:Apple's response by dugancent · · Score: 2

      My response:

      Steve is dead and has been for over a year. Time for some new jokes.

      --
      SJWs are the new boogeyman. -Me
    3. Re:Apple's response by jrumney · · Score: 3, Funny

      Indeed, they already released a fix for it. It's called iCloud. Keeping things in the privacy of your own disk is now officially a bug (soon to be reclassified as user error).

  3. BRB by AmiMoJo · · Score: 5, Funny

    BRB, heading down to the Apple Store...

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:BRB by drcagn · · Score: 3, Insightful

      Typing the string has the same effect on the app as quitting the app. So.... have fun going to the apple store and quitting the apps.

      --
      Scorta futuere amo!
    2. Re: BRB by rsmith84 · · Score: 2

      Not without a Genius Bar appointment you're not!

    3. Re:BRB by drcagn · · Score: 2

      I know, I can be dangerously addictive sometimes.

      --
      Scorta futuere amo!
    4. Re:BRB by Tablizer · · Score: 2

      heading down to the Apple Store...

      Reminds me when I was teen at the mall before the PC era, I'd see a computer on display in the store and type in:

      10 PRINT "RUN, COMPUTER WILL EXPLODE!"
      20 GOTO 10
      RUN

      --
      Table-ized A.I.
    5. Re:BRB by AmiMoJo · · Score: 3, Informative

      It produces a nice exception error message. Perfect for making Apple fanbois who claim that Macs never crash look like twats.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. Powerpoint summary of TFS by TapeCutter · · Score: 4, Funny

    - An obscure library bug triggered by a magic string.

    - In the latest version.

    --
    And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    1. Re:Powerpoint summary of TFS by jonadab · · Score: 5, Insightful

      > An obscure library bug triggered by a magic string.

      The thing is, the magic string in question is not particularly obscure. Any app that normally handles URLs is fairly likely to get that typed into it at some point. Okay, granted, protocols are usually not capitalized, and File:/// is no more common than Http:// or Mailto:, but nonetheless, this is something people are definitely going to run into occasionally.

      (Yes, file protocol terminates the protocol with just two slashes; but, importantly, the next segment of the URL is an absolute path. So while the third slash would be a typo on a multi-rooted system like Windows or VMS, it's pretty much mandatory on a single-rooted system that uses slash as a directory separator -- like, say, anything with Unix underpinnings.)

      --
      Cut that out, or I will ship you to Norilsk in a box.
    2. Re:Powerpoint summary of TFS by oakgrove · · Score: 2

      Just a thought, using something like vnc from a mobile device would make it more likely to happen since keyboards on most smartphones/tablets capitalize the first letter in anything it thinks is a sentence.

      --
      The soylentnews experiment has been a dismal failure.
    3. Re:Powerpoint summary of TFS by adolf · · Score: 2

      Actually, the third slash means "this computer" and is required on Windows too. You have to write "file:///C:/..." on Windows to get anywhere. So no, it isn't a typo.

      [citation needed]

      On my computer (Windows 7), in Windows Explorer, these all work the same:

      file://C:/
      file:///C:/
      file:////////////////C:/

      These also work the same:

      file://
      file:///
      file:////////////////

      --
      Kid-proof tablet..
  5. You're doing it wrong by greggman · · Score: 3, Funny

    No one should ever need to type file:///

    There are no bugs. You're doing it wrong

    1. Re:You're doing it wrong by sjames · · Score: 4, Funny

      Maybe he's using a Mac. The first two times he tried that message, Safari crashed.

  6. Re:Little light on specifics.... by Kenja · · Score: 5, Interesting

    Ah, did manage to replicate it. Despite what the long article says, it does seem to be case sensitive. Very odd bug. The truly worrisome thing is that this would seem to indicate that even the most basic of text editors is capable of running scripts from plain text (as opposed to apple script). Not sure what the ramifications of that are, but it seems like a potential vector for malware.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  7. So? by Bogtha · · Score: 4, Insightful

    First off, itâ(TM)s worth noting that the bug only appears to be present in OS X Mountain Lion and is not reproducible in Lion or Snow Leopard. Thatâ(TM)s not exactly good news given that this is the latest release of Appleâ(TM)s operating system, which an increasing number of Mac users are switching to.

    Talk about over-egging the pudding. You're talking as if it's a fundamental flaw that ruins the whole operating system. It's a bug. Of course it's not good news, but it's not certain doom for Mountain Lion either.

    --
    Bogtha Bogtha Bogtha
    1. Re:So? by 93+Escort+Wagon · · Score: 2

      Speak for yourself - I just rolled back to Tiger!

      --
      #DeleteChrome
  8. The cause, and a fix by rsteele19 · · Score: 5, Informative

    Landon Fuller has posted a gist on GitHub with an explanation of the bug and a binary patch to the affected library.

    --

    This sig is umop apisdn.

    1. Re:The cause, and a fix by 93+Escort+Wagon · · Score: 3, Insightful

      Landon Fuller has posted a gist on GitHub with an explanation of the bug and a binary patch to the affected library.

      Yeah, THERE'S a good idea - apply a binary patch from some random post on Slashdot!

      --
      #DeleteChrome
    2. Re:The cause, and a fix by phantomfive · · Score: 2

      You can read the patch first, like the rest of us, right?

      --
      "First they came for the slanderers and i said nothing."
  9. Gödel Lives! by Sam+Williams · · Score: 3, Insightful

    http://kleinschmidt.wordpress.com/2006/07/03/i-cannot-be-played-on-record-player-x/

  10. Re:No, It Doesn't by Anonymous Coward · · Score: 3, Informative

    The bug is case sensitive; as the bug report says "The capital 'F' is important."

    Please do not bother posting something so quickly, without looking into it.

  11. Let's look at the stack trace by MrEricSir · · Score: 4, Informative

    This is the stack trace mentioned in the article:
    http://pastebin.com/UkhERvaA

    Doesn't look like a c-string or printf issue to me at all.

    --
    There's no -1 for "I don't get it."
  12. Even crashes the crash reporter! by Wormholio · · Score: 5, Funny

    I tried this in Safari on Lion. Capital F required, but indeed just "File:/// " crashes it.
    Then you get a pop-up asking if you want to report the problem to Apple? Sure.
    But then that crashes with a pop-up reporting that crash reporter has crashed. Bonus!

    --
    "Education is not the filling of a pail, but the lighting of a fire." -- William Butler Yeats
  13. It's the old Windows 98 bug all over again. by Dwedit · · Score: 2

    You used to be able to BSOD a Windows 95 or 98 machine by trying to read C:\con\con, and this included any web pages that requested file://C:/con/con.

  14. Re:I actually typed it, and nothing happened by mmarlett · · Score: 2

    Oh, wait, capitol F. That does cause a crash. Since when has a Mac been case sensitive? I guess that's what they get for listening to all those hackers complain about case insensitivity. ;)

  15. Re:I actually typed it, and nothing happened by EvanED · · Score: 2

    From a comment above, the problem is that it's not case sensitive, except for an internal sanity check which is.

    E.g. the dispatching code said "the user typed File:/// and I have a handler for file:///, so I'll call it", but then the handler had what was basically an case-insensitive comparison assert(url.startswith("file:///")).

    So the problem isn't case sensitivity or insensitivity -- it's that it was being inconsistent about it.

  16. Why is Apple shipping non-optimized code? by Branka96 · · Score: 3, Insightful

    If this is an assert as it appears to be, my question is, why is it in shipping code. Normally asserts are controlled by the NDEBUG symbol (or equivalent) which is undefined in optimized builds. In my opinion asserts should not be in shipping code. You should have something more solid in place.

    1. Re:Why is Apple shipping non-optimized code? by fnj · · Score: 3, Insightful

      And that, people, is why operating systems have become so grotesquely bloated and gigantic. An endless accumulation of "oh it's only a few more bytes".

    2. Re:Why is Apple shipping non-optimized code? by shutdown+-p+now · · Score: 2

      asserts are there to catch bugs. Not invalid user input or other conditions that you can predict and gracefully handle, but actual programmer bugs - mistakes in the logic of the program.

      If you ship your code with asserts disabled, you are, effectively, asserting that your code is bug-free. If you don't feel confident enough to make such a claim, then leaving them in there is a good idea - you lose a wee bit of perf, yes, but if things do go wrong, the user (and therefore you, when the user files a bug report with a crash dump) will find out much faster, and you will be able to pinpoint the problem more precisely. Furthermore, it prevents the program from running in a bad state and potentially opening up vectors for exploits.

  17. WTF by Anonymous Coward · · Score: 2, Funny

    Ok, I didn't believe this, I thought it might be a hoax so I wanted to try this and typed it into a file in the TextEdit.app, and it crashed the TextEdit.app completely!!!!! I had a 10 page paper that I was writing in there opened and it hadn't failed yet. The paper is due tomorrow!! is there a way to sue apple for damages over this?!!?!!!!??

    1. Re:WTF by BasilBrush · · Score: 3, Informative

      I realise this is a troll, but for anyone thinking it might be real:

      He's just need to restart Textedit, and all the documents he had open will still be there, still opened, in exactly the state they were in seconds before the crash. Snow Leopard documents don't need saving, they are constantly persisted whilst editing. Even if you have't yet given them a filename.

  18. Re:Sure enough by BasilBrush · · Score: 2

    Even more interesting is that fact it didn't prevent you from making that post.

  19. Re:Little light on specifics.... by cheesybagel · · Score: 2

    Let me guess. The Google search box in Firefox was not implemented using Apple's Cocoa widget Framework.

  20. Re:So, how can I type it for them? by cheesybagel · · Score: 2

    File:/// Or whatever.

  21. It is case sensitive by PhunkySchtuff · · Score: 3, Informative

    After trying this in every app I could think of, and failing to crash them, it turns out that this is case sensitive.

    Some dude has done a more detailed analysis over on github but the long and short of it is that there is a specific check in the code for 'file://' and any other case will cause it to crash. All caps - crash. Capital F and the rest in lower-case - crash. All lower-case and a capital L - crash.

    --
    Specialist Mac support for creative pros, Melbourne
  22. Re:Running Mountain Lion.... by Frankie70 · · Score: 2

    You are holding it right. The others aren't.

  23. it's an old joke by PopeRatzo · · Score: 3, Funny

    "Doctor, it hurts when I do this... Can you help me?"

    "Sure, don't to that."

    I'm going to give some free advice to users of Apple's OSX Mountain Lion: Don't do that.

    --
    You are welcome on my lawn.
  24. you obviously didn't read it by Chirs · · Score: 3, Informative

    It's a commented assembly listing with a proposed hacky fix in assembly.

  25. Re:donotwant by node+3 · · Score: 2

    It's kind of fantastic, actually. Someone sends you an email saying, "let's meet for lunch tomorrow", or "my new phone number is ...", etc., and these become clickable to enter a calendar appointment, or address book entry, etc.

    These trace back to the Newton, and were a huge part of that device's "magic". And when you get an email with a UPS tracking number as plain text (instead of a hyperlink), and it becomes clickable and asks if you want to track your shipment, you get one of those, "oh, now that's cool!" moments.

    Google does something similar in search results. If you put in a UPS tracking number, the top result is for you to track the shipment, etc.

  26. oh ya. by AndyKron · · Score: 2

    It just works...

  27. I've been closing my apps that way for years. by joelville · · Score: 2

    I thought everyone knew File:/// is the new Command-Q