Slashdot Mirror

← Back to Stories (view on slashdot.org)

Typing 'http://:' Into a Skype Message Trashes the Installation Beyond Repair

Posted by Soulskill on from the bug-of-the-year dept.

An anonymous reader writes: A thread at the Skype community forums has brought to light a critical bug in Microsoft's Skype clients for Windows, iOS and Android: typing the incorrect URL initiator http://: into a text message on Skype will crash the client so badly that it can only be repaired by installing an older version and awaiting a fix from Microsoft. The bug does not affect OS X or the 'Metro'-style Windows clients — which means, effectively, that Mac users could kill the Skype installations on other platforms just by sending an eight-character message.

17 of 225 comments (clear)

  1. Oh well by 3.5+stripes · · Score: 4, Interesting

    It's hardly the only thing that causes Skype to crash, and work intermittently at best, and to be fair, it actually started before Microsoft bought them.

    --


    He tried to kill me with a forklift!
    1. Re:Oh well by gstoddart · · Score: 5, Insightful

      Crashing is one thing.

      Parsing input data sufficiently badly as to require an uninstall? That's pretty epic.

      --
      Lost at C:>. Found at C.
    2. Re:Oh well by penguinoid · · Score: 5, Funny

      Watch out, everybody! There's a new Windows virus going about. See here for more information http://:

      --
      Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
    3. Re:Oh well by Njorthbiatr · · Score: 5, Insightful

      This. So much this.

      I usually defend MS against people who I believe unfairly attack them, but you've really struck a nerve.

      I don't know what team is responsible for Skype, but they have done such a mind boggling horrible job I'm half convinced they're intentionally trying to kill it, cut it into small pieces, then burn the remains before firing the ashes into the nearest black hole.

      Every single version they push out has been worse than the last, and the last good version was 6.18. I loathe the day when they finally kill this version to force people into their newer, more broken, buggy, and less featured version. And to boot it wasn't enough that they started forcing people to update by patching it through Windows Update. I started my computer one day to find Skype completely uninstalled -- all because of Windows Update (which I now review for all updates after this tragic experience). Somehow it managed to uninstall itself and then couldn't reinstall itself because I replaced the update file with a dummy.

      They keep removing features but *promise* to put them back in... And even years later the features still haven't back in added. But hey that's okay because now Skype can use even larger emoticons. Well fucking thanks for that useless fucking feature. That's all Skype gets nowadays, useless improvements and worse performance. The calls I get with 6.18 are perfect but with any version 7 I may as well just write letters and send them through the mail.

      Oh but wait they changed the UI to be even worse! Now you have chat bubbles for some stupid fucking reason.

      Microsoft we deserve an explanation for this total fucking incompetence. Maybe you should hire actual software developers instead of monkey interns who think smashing their face into a keyboard is an acceptable way to write software.

  2. Wow ... by gstoddart · · Score: 5, Insightful

    Good job guys!!

    I'm not even sure I've heard of an error condition which required a full uninstall.

    I predict many people will be sending that string today. I also predict someone will attempt to charge the people sending it with criminal hacking.

    Keep up the good work.

    --
    Lost at C:>. Found at C.
    1. Re:Wow ... by Anonymous Coward · · Score: 5, Informative

      I'm not even sure I've heard of an error condition which required a full uninstall.

      I can guess why and I doubt an uninstall would help.

      All you really need to know is that Skype saves conversations and redisplays them when it starts. So you send someone http://:, that triggers the bug, and on restart, it reloads the conversation and crashes again.

      If that's the case, a reinstall won't help, because Skype will just re-download the missed messages and reencounter the bad URL and reenter the crash loop.

      (Presumably the bug is that they see the second ":", decide it's the start of a port, and leave the hostname uninitialized, causing a crash.)

    2. Re:Wow ... by _anomaly_ · · Score: 4, Funny

      Yeah, pretty epic bug.
      We use Skype for communicating with coworkers (we are a very small company, and all telecommute, so to speak), when the conversation doesn't warrant a phone call (on our IP phones).
      But I'm still very tempted to try it. It's like a big red button that says DO NOT PUSH.

      --
      "I have no special gift, I am only passionately curious." - Albert Einstein
    3. Re:Wow ... by JaredOfEuropa · · Score: 4, Informative

      Isn't the history stored on their server? In that case you're SOL.

      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    4. Re:Wow ... by _xeno_ · · Score: 4, Informative

      Yep.

      First thing a new installation of Skype does is download every single message you've received for the past several months, I think.

      I haven't tried deleting a history file (they're actually SQLite databases) but I think the same thing happens in that case: Skype sees that it isn't up to date on messages and redownloads them.

      --
      You are in a maze of twisty little relative jumps, all alike.
    5. Re:Wow ... by msauve · · Score: 4, Funny

      " It's like a big red button that says DO NOT PUSH."

      You know that big button near the door in the data center, the one labeled "Halon?" That's French for "exit," so you push that to unlock the door and get out.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  3. FIXED by Anonymous Coward · · Score: 5, Informative

    http://community.skype.com/t5/Windows-desktop-client/Skype-Fix-for-crashes-caused-by-bad-URL/td-p/3997463

  4. Really? by TWX · · Score: 4, Insightful

    It's been fifteen years since I as a very, very junior quality assurance engineer had to calmly walk over to the software developers that were working on communications protocols and explain to them that while their protocols (POP3 and SMTP in this case) only truly needed to meet current RFC as far as their list of implemented commands and features was concerned, they had to be able to gracefully handle any and all non-RFC data that they received, even if only to cleanly reject it with an error or to terminate the connection. Instead the implementations would crash hard, requiring the system manager on the platform to detect that they'd gone down in a ball of flames and restart them. They couldn't understand how non-RFC stuff would be sent, even to the point of not understanding how deprecated commands from previous RFCs might stil be in-practice, let alone all of the various possible reasons that either accidental garbage or intentional sending of garbage to try to break-in could be the case.

    That such problems as basic as incorrectly typed URLs could break Skype is beyond understanding. This should have been sanity-checked as part of the regular process of handling a URL, and in this particular case probably simply autocorrected and attributed to user ignorance.

    --
    Do not look into laser with remaining eye.
    1. Re:Really? by gstoddart · · Score: 4, Insightful

      That such problems as basic as incorrectly typed URLs could break Skype is beyond understanding.

      I don't think it's beyond understanding. Not even a little.

      Microsoft has always been pioneers of the "let's try to embed 'smarts' in stuff to make it cooler and friendlier to use" kind of thing.

      Autorun on media, for instance has caused a lot of problems with things like viruses and rootkits.

      Hell, Microsoft pioneered the technology which meant you could get a virus without opening the attachment of an email -- and up until then people had been saying "no, you can't get a virus simply from clicking on the email unless you run the attachment". Then Microsoft went straight to running the attachment and proved them wrong.

      Microsoft tries so hard to coat the world in eye candy and do things for the user that they often go straight to the "well, you clearly want me to run that".

      So in this case it probably went "ZOMG, teh URL" and jumped to running some code.

      I have found over the years Microsoft's zeal to have dynamic, flashy content often means they create things which make for terrible robustness.

      Like their widgets and live desktop stuff they've now had to deprecate on no less than three different platforms that I'm aware of because it was a giant security hole.

      They put in a feature which says "wow, we'll just run this stuff because it's awesome", only to run smack into the wall of "but it's also dangerous".

      --
      Lost at C:>. Found at C.
    2. Re:Really? by scamper_22 · · Score: 4, Interesting

      It's often not even ignorance. Sometimes there is a mentality of correctness over keeping it running.

      Never is this more of a debate that in exception handling.

      I've worked in places where it was against the gods if you simply had a catch( Exception e). You had to *know* which exceptions you are catching and then catch each one separately.

      The keep it running in me is annoyed because there's always some possibility of a runtime Exception or that we miss something and then it crashes instead of just failing that one operation.

      The reason given was it is better for us to find out the exception and then fix the code, than to mask it with a catch all.

      To each his own, but it's definitely not as simple as ignorance.
      I've fought a lot of battles writing the software. I can tell its often the case of correctness versus keep it running.

    3. Re:Really? by gstoddart · · Score: 4, Insightful

      I would argue that a failure to catch an un-enumerated exception is neither correctness, nor keeping it running.

      However, I've heard the argument about the elegance and beauty of letting it crash because it's a real defect which should be identified ... I just disagree that an ungraceful failure is the way to do it.

      I hope the people writing self-driving cars don't have the idiotic mindset that if they haven't enumerated the error it should be allowed to fail spectacularly.

      The reality is, in the real world when software doesn't fail gracefully, some smug idiot of a developer who said you shouldn't catch things you didn't anticipate isn't there to clean up his mess. So his damned "correctness" becomes an aesthetic thing which is useless.

      That's just defective by design, because either your design is 100% perfect and infallible, or it's pretty and elegant but is a crash waiting to happen.

      Reality seldom conforms to the pre-planned expectations of the guys who built the product.

      "Correctness" isn't correct if it can't account for incomplete correctness. It's lazy and ideological.

      --
      Lost at C:>. Found at C.
    4. Re:Really? by ComputerGeek01 · · Score: 4, Interesting

      As a Sys Admin, and therefore your consumer, I couldn't care less if you fail hard or try to recover. But LOG THE GOD DAMN ERROR FOR WHAT IT IS FIRST! There is nothing more mind bogglingly useless then some dip-shit programmer who things "Duh, the user should just keep trying until it works. I don't need to prompt them with anything more then 'ERROR: An Error Has Occurred'". Or even worse is the crowd of useless knuckle draggers who think that catching an exception and doing absolutely nothing in the interest of 'keeping things running' is the right course of action everytime. I don't need to see your code, I already know it sucks. Otherwise it would have been too expensive for my employers to want to purchase. But at least tell us where it is failing.

  5. little Bobby Tables strikes back by dunkelfalke · · Score: 4, Funny

    Nuff said

    --
    "It's such a fine line between stupid and clever" -- David St. Hubbins, Spinal Tap