Odd Mountain Lion Crashing Bug Brings Down Nearly Any App

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Feb 4, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    One of the fastest-spreading stories of the weekend has been a strange OS X Mountain Lion bug that can crash almost any Mac app running any version of OS X 10.8, reported on Open Radar.

    The initial bug report stated that typing 'File:///' (without the quotes) into almost any app causes the app to crash.

    [​IMG]
    Follow-up testing has shown that the final character needn't be a forward-slash, with almost any character after 'File://' triggering the bug. The issue is also speed-dependent: leaving a brief pause between typing // and the next character will prevent the crash from occurring.

    More embarrassingly still for Apple, filing a crash report causes both Crash Reporter and the Console apps to crash. The Console crash can only be cured by running a terminal command:

    sudo sed -i -e 's@File:///@F i l e : / / /@g' /var/log/system.log

    The Next Web has a detailed analysis of the issue, noting that it is related to Apple's Data Detectors feature for automatically recognizing dates, locations and other information in text for addition to Address Book or Calendar entries.

    While it is rather surprising that the issue took so long to receive publicity, Apple is now likely to include a fix for the problem sooner rather than later. It is, however, unknown whether Apple will squeeze a fix into the upcoming OS X 10.8.3 that has been in developer testing for over two months.

    Article Link: Odd Mountain Lion Crashing Bug Brings Down Nearly Any App
     
  2. zin
    macrumors 6502

    Joined:
    May 5, 2010
    Location:
    United Kingdom
    #2
    Laughed way more than I should have.
     
  3. macrumors regular

    Joined:
    Jul 3, 2012
    Location:
    Stockholm, Sweden
    #3
    Must. Test. Now!
     
  4. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #4
    Works in Safari. Neat!

    It's a case-sensitive bug just so you all know. :)

    EDIT: Oh yes, that makes part of the article incorrect: "with almost any character after 'file://' triggering the bug" That would be "File://"
     
  5. macrumors 604

    bushido

    Joined:
    Mar 26, 2008
    Location:
    Planet Earth
    #5
    i remember back in the ML betas Safari would crash if u'd type xy.com/

    not sure if i remember exactly, it had something to do with / as well however
     
  6. macrumors regular

    dearfriendx

    Joined:
    Jun 3, 2011
    Location:
    San Diego, CA
    #6
    Yeah, this is SO utterly embarrassing. Most of the world is required to type 'file:/*' into most apps these days. Their stock is going to plummet :(
     
  7. macrumors 68020

    Squilly

    Joined:
    Nov 17, 2012
    Location:
    PA
    #7
    Leave it to Apple for this... Nice job.
     
  8. macrumors newbie

    krishatesworld

    Joined:
    Sep 2, 2010
    Location:
    Statesboro, GA
    #8
    Works in Chrome, too! Neat.
     
  9. macrumors regular

    Joined:
    Apr 10, 2009
    #9
    Yep, pretty neat. Took down Safari and NotePad. At least it doesn't lock up the Finder too. Pretty easy to get out of.

    For the vast majority of us, we will never type that string. For a few of you, it's something you need to type often...
     
  10. macrumors 68000

    Joined:
    Jul 19, 2002
    Location:
    Surprise
    #10
    Not a bug, it is a feature! :D
     
  11. Editor emeritus

    longofest

    Joined:
    Jul 10, 2003
    Location:
    Falls Church, VA
    #11
    I suppose it's "neat", but keep in mind in that this kind of core system vulnerability could potentially be exploited to put malware everywhere.
     
  12. macrumors 6502a

    jpetticrew

    Joined:
    May 13, 2009
    Location:
    Texas
    #12
    Didn't crash my terminal.
     

    Attached Files:

  13. macrumors 68030

    needfx

    Joined:
    Aug 10, 2010
    Location:
    macrumors apparently
    #13
    buckle your seat-belts, crashes ahead
     
  14. macrumors 68000

    AngerDanger

    Joined:
    Dec 9, 2008
    Location:
    Male
    #14
    Ugh. I just tried to contact an Apple representative about this, and as soon as I described the problem, they hung up on me. This bug goes deep, man.
     
  15. macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #15
    Heh. Wonder if it effects any other versions of OS X.
     
  16. macrumors 68020

    Joined:
    Jul 8, 2006
    Location:
    California
    #16


    That's a lot of running. I'm tired all ready.
     
  17. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #17
    I know. It's just rare that a bug is so incredibly easy to produce like this. It makes me wonder how they missed it... Someone needs to update Apple unit tests. :p
     
  18. macrumors 6502

    Joined:
    Dec 22, 2007
    #18
    Odd, it doesn't seem to work for me. I'm aware it's case sensitive.. still nothing. Hm.

    [Edit] I lied, it does work. I just wasn't typing fast enough.
     
  19. macrumors 68030

    Joined:
    Feb 17, 2009
    #19
    Exactly, haven't typed 'File://' into anything for 60 years until this post and probably won't have too until I die.

    Definitely worried....................NOT!!!
     
  20. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #20
    That means it's probably a bug in a proprietary Apple layer. I don't believe Terminal uses Apple tech for its text rendering (besides the usual Quartz layer for drawing...).
     
  21. macrumors member

    Joined:
    Mar 15, 2011
    Location:
    Atlanta
    #21
    Stop trying to crash the Apple campus!
     
  22. gnasher729, Feb 4, 2013
    Last edited: Feb 4, 2013

    macrumors G5

    gnasher729

    Joined:
    Nov 25, 2005
    #22
    And that, my friend, is utter nonsense.

    There is no vulnerability. There is an embarrassing bug that causes an exception to be thrown, which is not handled (because it shouldn't have been thrown), and uncaught exceptions stop the application from running. This would be inconvenient if it happened in a common situation, but Mountain Lion has been out for many months without anyone noticing, so nobody is inconvenienced. But importantly, because the effect of the bug is to stop the application from running, it is not something that can be exploited for malware.


    "Easy to reproduce" doesn't mean "easy to find". This should have been found in a code review (someone checked that a URL is a "file url" by checking that it starts with the characters "file://" which is obvious nonsense - "File://" or "fIlE://" is perfectly legal), but anybody who is clever enough to write a unit test for the "File" case would also have been clever enough to get the code right in the first place.
     
  23. dyn
    macrumors 68000

    Joined:
    Aug 8, 2009
    Location:
    .nl
    #23
    This is not specific to data detectors. You can easily try it in TextEdit which allows you to enable/disable the data detectors. No matter what setting you use it will still crash. Disabling the spell checker however stops it crashing. The same thing happens with other applications, especially when you disable the autocorrect/spell checking options in system preferences > language & text. This seems to be a bug in the autocorrect/spell checking system and not in the data detectors.

    It is absolutely not surprising at all. Most people do not use this to open a folder in Finder from a certain application. They use Finder (or something similar) to do so. It is not a common way of doing things. Also, not many people write documentation or any other kind of texts where they mention File:/// I think more than 95% of the Mac users may not even known the existence of File:/// before this issue was mentioned on sites like neowin.net, macrumors.com, etc.

    Yes it's a strange bug but not a big one since most people won't even run into it anyway.
     
  24. macrumors 603

    justperry

    #24
    You might find that answer here, at least it is not an issue on 10.5.8

    Crash Apps by simply typing File:///
     
  25. macrumors 6502a

    ConCat

    Joined:
    Jul 27, 2012
    Location:
    In an ethereal plane of existence.
    #25
    Well, truly malicious malware might be able to use this to cause your apps to repetitively crash. Especially given how trivial it is to automate text entry on a Mac using simple AppleScript commands.
     

Share This Page