Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,194
30,135



One of the fastest-spreading stories of the weekend has been a strange OS X Mountain Lion bug that can crash almost any Mac app running any version of OS X 10.8, reported on Open Radar.

The initial bug report stated that typing 'File:///' (without the quotes) into almost any app causes the app to crash.

bug.png
Follow-up testing has shown that the final character needn't be a forward-slash, with almost any character after 'File://' triggering the bug. The issue is also speed-dependent: leaving a brief pause between typing // and the next character will prevent the crash from occurring.

More embarrassingly still for Apple, filing a crash report causes both Crash Reporter and the Console apps to crash. The Console crash can only be cured by running a terminal command:

sudo sed -i -e 's@File:///@F i l e : / / /@g' /var/log/system.log

The Next Web has a detailed analysis of the issue, noting that it is related to Apple's Data Detectors feature for automatically recognizing dates, locations and other information in text for addition to Address Book or Calendar entries.

While it is rather surprising that the issue took so long to receive publicity, Apple is now likely to include a fix for the problem sooner rather than later. It is, however, unknown whether Apple will squeeze a fix into the upcoming OS X 10.8.3 that has been in developer testing for over two months.

Article Link: Odd Mountain Lion Crashing Bug Brings Down Nearly Any App
 

ConCat

macrumors 6502a
Works in Safari. Neat!

It's a case-sensitive bug just so you all know. :)

EDIT: Oh yes, that makes part of the article incorrect: "with almost any character after 'file://' triggering the bug" That would be "File://"
 

bushido

Suspended
Mar 26, 2008
8,070
2,755
Germany
i remember back in the ML betas Safari would crash if u'd type xy.com/

not sure if i remember exactly, it had something to do with / as well however
 

dearfriendx

macrumors 6502
Jun 3, 2011
356
283
San Diego, CA
Yeah, this is SO utterly embarrassing. Most of the world is required to type 'file:/*' into most apps these days. Their stock is going to plummet :(
 

ikramerica

macrumors 68000
Apr 10, 2009
1,540
1,823
Yep, pretty neat. Took down Safari and NotePad. At least it doesn't lock up the Finder too. Pretty easy to get out of.

For the vast majority of us, we will never type that string. For a few of you, it's something you need to type often...
 

AngerDanger

Graphics
Staff member
Dec 9, 2008
5,452
29,001
Ugh. I just tried to contact an Apple representative about this, and as soon as I described the problem, they hung up on me. This bug goes deep, man.
 

iMikeT

macrumors 68020
Jul 8, 2006
2,304
1
California
One of the fastest-spreading stories of the weekend has been a strange OS X Mountain Lion bug that can crash almost any Mac app running any version of OS X 10.8, reported on Open Radar.



That's a lot of running. I'm tired all ready.
 

Ed91

macrumors 6502
Dec 22, 2007
267
1
Odd, it doesn't seem to work for me. I'm aware it's case sensitive.. still nothing. Hm.

[Edit] I lied, it does work. I just wasn't typing fast enough.
 

Thunderhawks

Suspended
Feb 17, 2009
4,057
2,118
Yeah, this is SO utterly embarrassing. Most of the world is required to type 'file:/*' into most apps these days. Their stock is going to plummet :(

Exactly, haven't typed 'File://' into anything for 60 years until this post and probably won't have too until I die.

Definitely worried....................NOT!!!
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
I suppose it's "neat", but keep in mind in that this kind of core system vulnerability could potentially be exploited to put malware everywhere.

And that, my friend, is utter nonsense.

There is no vulnerability. There is an embarrassing bug that causes an exception to be thrown, which is not handled (because it shouldn't have been thrown), and uncaught exceptions stop the application from running. This would be inconvenient if it happened in a common situation, but Mountain Lion has been out for many months without anyone noticing, so nobody is inconvenienced. But importantly, because the effect of the bug is to stop the application from running, it is not something that can be exploited for malware.


I know. It's just rare that a bug is so incredibly easy to produce like this. It makes me wonder how they missed it... Someone needs to update Apple unit tests. :p

"Easy to reproduce" doesn't mean "easy to find". This should have been found in a code review (someone checked that a URL is a "file url" by checking that it starts with the characters "file://" which is obvious nonsense - "File://" or "fIlE://" is perfectly legal), but anybody who is clever enough to write a unit test for the "File" case would also have been clever enough to get the code right in the first place.
 
Last edited:

dyn

macrumors 68030
Aug 8, 2009
2,708
387
.nl
The Next Web has a detailed analysis of the issue, noting that it is related to Apple's Data Detectors feature for automatically recognizing dates, locations and other information in text for addition to Address Book or Calendar entries.
This is not specific to data detectors. You can easily try it in TextEdit which allows you to enable/disable the data detectors. No matter what setting you use it will still crash. Disabling the spell checker however stops it crashing. The same thing happens with other applications, especially when you disable the autocorrect/spell checking options in system preferences > language & text. This seems to be a bug in the autocorrect/spell checking system and not in the data detectors.

While it is rather surprising that the issue took so long to receive publicity, Apple is now likely to include a fix for the problem sooner rather than later.
It is absolutely not surprising at all. Most people do not use this to open a folder in Finder from a certain application. They use Finder (or something similar) to do so. It is not a common way of doing things. Also, not many people write documentation or any other kind of texts where they mention File:/// I think more than 95% of the Mac users may not even known the existence of File:/// before this issue was mentioned on sites like neowin.net, macrumors.com, etc.

Yes it's a strange bug but not a big one since most people won't even run into it anyway.
 

ConCat

macrumors 6502a
And that, my friend, is utter nonsense.

There is no vulnerability. There is an embarrassing bug that causes an exception to be thrown, which is not handled (because it shouldn't have been thrown), and uncaught exceptions stop the application from running. This would be inconvenient if it happened in a common situation, but Mountain Lion has been out for many months without anyone noticing, so nobody is inconvenienced. But importantly, because the effect of the bug is to stop the application from running, it is not something that can be exploited for malware.

Well, truly malicious malware might be able to use this to cause your apps to repetitively crash. Especially given how trivial it is to automate text entry on a Mac using simple AppleScript commands.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.