{"id":7753,"date":"2013-08-29T14:39:20","date_gmt":"2013-08-29T19:39:20","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=7753"},"modified":"2016-05-08T23:32:37","modified_gmt":"2016-05-09T03:32:37","slug":"coretext-bug-allows-specific-string-to-crash-apps","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2013\/08\/29\/coretext-bug-allows-specific-string-to-crash-apps\/","title":{"rendered":"CoreText Bug Allows Specific String to Crash Apps"},"content":{"rendered":"<p><a href=\"http:\/\/techcrunch.com\/2013\/08\/29\/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps\/\">Matthew Panzarino<\/a>:<\/p>\r\n<blockquote cite=\"http:\/\/techcrunch.com\/2013\/08\/29\/bug-in-apples-coretext-allows-specific-string-of-characters-to-crash-ios-6-os-x-10-8-apps\/\"><p>A bug in Apple&rsquo;s <a target=\"_blank\" href=\"https:\/\/twitter.com\/codeblue87\/status\/373136894806073344\">CoreText rendering engine<\/a> in iOS 6 and OS X 10.8 causes any apps that try to render a string of Arabic characters to crash on sight. The string of characters which can trigger the bug &mdash; which was discovered yesterday and has spread around the hacking and coding community &mdash; has made its way to Twitter, where even looking at it in your timeline will crash the app.<\/p>\r\n<p>[&#8230;]<\/p>\r\n<p>The characters were discovered and posted on a <a href=\"http:\/\/translate.google.com\/translate?depth=1&amp;hl=en&amp;nv=1&amp;rurl=translate.google.com&amp;sl=ru&amp;tl=en&amp;u=http:\/\/habrahabr.ru\/post\/191654\/\">Russian site yesterday morning<\/a>. The site claims that Apple has known about the problem for &lsquo;six months&rsquo; and has not reacted. There is some evidence of the string appearing on Twitter <a href=\"http:\/\/arstechnica.com\/apple\/2013\/08\/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters\/\">back in February<\/a>. The posting includes a request to click the crash report button on any apps affected and report it to Apple.<\/p>\r\n<\/blockquote>\r\n<p>Sounds like <a href=\"http:\/\/mjtsai.com\/blog\/2013\/02\/02\/data-detectors-crash-in-cocoa-text-views\/\">this bug<\/a>, though it&rsquo;s in a different OS subsystem. It&rsquo;s apparently fixed in Mavericks and iOS 7.<\/p>\r\n<p><a href=\"http:\/\/arstechnica.com\/apple\/2013\/08\/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters\/\">ArsTechnica<\/a> and <a href=\"https:\/\/news.ycombinator.com\/item?id=6293824\">Hacker News<\/a> have additional coverage.<\/p>\r\n<p>Update (2013-09-08): <a href=\"http:\/\/www.theregister.co.uk\/2013\/09\/04\/unicode_of_death_crash\/\">Chris Williams<\/a> explains the buffer overrun (via <a href=\"https:\/\/twitter.com\/nst021\/status\/376698330606489600\">Nicolas Seriot<\/a>):<\/p>\r\n<blockquote cite=\"http:\/\/www.theregister.co.uk\/2013\/09\/04\/unicode_of_death_crash\/\"><p>If we open <b>libvDSP<\/b> (located deep within the <b>\/System\/Library\/<\/b> filesystem hierarchy of your computer) in the rather handy reverse-engineering tool <a href=\"http:\/\/www.hopperapp.com\/\">Hopper<\/a>, we can look at the compiled machine code that blew up. See the screenshot below: the faulting instruction 117462 bytes in, or <b>1cad6<\/b> in hex, is highlighted.<\/p><\/blockquote>\r\n<p>Update (2013-09-13): This seems to be <a href=\"http:\/\/support.apple.com\/kb\/HT5880?viewlocale=en_US&amp;locale=en_US\">fixed in Mac OS X 10.8.5<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>Matthew Panzarino: A bug in Apple&rsquo;s CoreText rendering engine in iOS 6 and OS X 10.8 causes any apps that try to render a string of Arabic characters to crash on sight. The string of characters which can trigger the bug &mdash; which was discovered yesterday and has spread around the hacking and coding community [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,394,31,30],"class_list":["post-7753","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-coretext","tag-ios","tag-mac"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7753","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=7753"}],"version-history":[{"count":5,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7753\/revisions"}],"predecessor-version":[{"id":14432,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7753\/revisions\/14432"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=7753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=7753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=7753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}