Tweet crashes Mac Twitter client

93 点作者 kikibobo69超过 12 年前

30 条评论

mmastrac超过 12 年前

The offending tweet content:<pre><code> ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ </code></pre> Edit: I've narrowed it down to the following byte sequence. I can't seem to remove any of the characters without it no longer crashing:<pre><code> 00000000 d9 88 d2 88 cd a5 cd a8 cd aa cd af 20 d2 88 d2 |............ ...| 00000010 88 d2 88 |...| 00000013 </code></pre> Hixie's unicode decoder says this is:<pre><code> U+0648 ARABIC LETTER WAW character (&#x0648;) U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;) U+0365 COMBINING LATIN SMALL LETTER I character (&#x0365;) U+0368 COMBINING LATIN SMALL LETTER C character (&#x0368;) U+036A COMBINING LATIN SMALL LETTER H character (&#x036A;) U+036F COMBINING LATIN SMALL LETTER X character (&#x036F;) U+0020 SPACE character U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;) U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;) U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;)</code></pre>

评论 #5237614 未加载

评论 #5237611 未加载

a_p超过 12 年前

This is the tweet in html character entity form:<pre><code> &#1607;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#875;&#876;&#873;&#878;&#872;&#874;&#879;&#869;&#869;&#875;&#874;&#871;&#867;&#879;&#874;&#872;&#867;&#869;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#869;&#872;&#874;&#875;&#876;&#877;&#878;&#879;&#869;&#868;&#867;&#869;&#872;&#874;&#871;&#867;&#879;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#872;&#874;&#875;&#876;&#873;&#878;&#879;&#869;&#872;&#867;&#869;&#875;&#874;&#871;&#867;&#879;&#869;&#876;&#874;</code></pre>

评论 #5237862 未加载

bsg75超过 12 年前

And unfollowing only solves the problem until someone in your stream retweets it.So I retweeted it.

eksith超过 12 年前

Rendering any typeable character(s) should never crash any engine... ever. That said, unicode seems to be the last frontier for the non-viral spread of glitches.I'm somewhat reminded of this : <a href="http://stackoverflow.com/a/1732454" rel="nofollow">http://stackoverflow.com/a/1732454</a>

signed0超过 12 年前

It also crashes Chrome's current tab on OSX: <a href="http://imgur.com/vRn6Qid" rel="nofollow">http://imgur.com/vRn6Qid</a>

评论 #5237580 未加载

评论 #5237629 未加载

duskwuff超过 12 年前

For at least one application, the crash is in:<pre><code> 0 libvDSP.dylib ? + 117458 1 com.apple.CoreText TRun::TRun(TRun const&, CFRange, TRun::SubrangingStyle) + 850 2 com.apple.CoreText CTGlyphRun::CloneRange(CTRun const*, CFRange, TRun::SubrangingStyle) + 142 3 com.apple.CoreText TLine::SetLevelRange(CFRange, unsigned char, bool) + 162 4 com.apple.CoreText TLine::SetTrailingWhitespaceLevel(unsigned char) + 70 5 com.apple.CoreText TRunReorder::ReorderRuns(TBidiLevelsProvider const&, TLine&) + 122 6 com.apple.CoreText TTypesetter::FinishLineFill(TLine&, double, double) const + 142 7 com.apple.CoreText CTTypesetterCreateLine + 131 </code></pre> I'm not familar enough with CoreText internals to guess what's going wrong, though. :)

ihsw超过 12 年前

Is it simply zalgo text? <a href="http://eeemo.net/" rel="nofollow">http://eeemo.net/</a>

niggler超过 12 年前

Is this a mountain lion issue or does this affect lion and SL as well?

评论 #5237592 未加载

general_failure超过 12 年前

Does anyone else see something funky at the top most comments?

评论 #5237682 未加载

评论 #5238026 未加载

zmarn超过 12 年前

Ok, I narrowed down what kills Chrome.minimalist example:<pre><code> data:text/html;charset=utf-8,%D9%88%20%D2%88%D2%88%D2%88 </code></pre> It seems to be a problem with utf-8 vs. unicode + Times New Roman.tested on: Chrome 24.0.1312.57 | OS x 10.8.2Edit: also works with other fonts for example Arial

alpb超过 12 年前

Crashes Chrome on Mac (only the tab, not the whole process). Of course retweeted it!

lukeman超过 12 年前

I'm sure they'll have a bugfix release out soon to fix this.Nah, just kidding.

ExtraJ超过 12 年前

Retweeted, of course.

zmarn超过 12 年前

Really interesting, played around with it locally and it just kill two random neighboring tabs, while not effecting others.Chrome 24.0.1312.57 | OS x 10.8.2

renanbirck超过 12 年前

No crash on either Chrome or Firefox on Arch Linux.

webbruce超过 12 年前

Yeah my twitter client is crashing now when I switch to another account that's already logged in.

ihuman超过 12 年前

This twitter account and tweet displays fine on TweetBot for iOS, but causes lag when scrolling.

itistoday2超过 12 年前

How do you type this on a Mac?

评论 #5237726 未加载

cleverjake超过 12 年前

This is crashing nightly webkit as well, so it is likely an issue there.

zemanel超过 12 年前

Crashing for me too .. can't open Twitter.app ...OS X 10.8.2 (12C60)

Void_超过 12 年前

It also crashes Sublime Edit when pasted.

younata超过 12 年前

firefox 18.0.2 on osx seems to survive...

评论 #5237613 未加载

sebastianavina超过 12 年前

correct me if i'm wrong, but somebody is working right now to use this bug in some piece of malicious code...

keikun17超过 12 年前

Aaaand i locked myself out of twitter.

Systemic33超过 12 年前

No crash on Chromium with Arch Linux

eridius超过 12 年前

Doesn't crash Tweetbot or Safari.

cicloid超过 12 年前

Also crashes Tweetbot on the Mac

评论 #5238468 未加载

eunice超过 12 年前

Doesn't crash Safari on 10.8.2

youngerdryas超过 12 年前

ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪCool...Edit: Apparently it is only the unicode>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ...How is this possible?

评论 #5238018 未加载

评论 #5237762 未加载

camus超过 12 年前

should it be considered as a new form of attack ? utf attack , or utf malware ( that's a question ).

30 条评论

mmastrac超过 12 年前

评论 #5237614 未加载

评论 #5237611 未加载

a_p超过 12 年前

评论 #5237862 未加载

bsg75超过 12 年前

And unfollowing only solves the problem until someone in your stream retweets it.So I retweeted it.

eksith超过 12 年前

signed0超过 12 年前

It also crashes Chrome's current tab on OSX: <a href="http://imgur.com/vRn6Qid" rel="nofollow">http://imgur.com/vRn6Qid</a>

评论 #5237580 未加载

评论 #5237629 未加载

duskwuff超过 12 年前

ihsw超过 12 年前

Is it simply zalgo text? <a href="http://eeemo.net/" rel="nofollow">http://eeemo.net/</a>

niggler超过 12 年前

Is this a mountain lion issue or does this affect lion and SL as well?

评论 #5237592 未加载

general_failure超过 12 年前

Does anyone else see something funky at the top most comments?

评论 #5237682 未加载

评论 #5238026 未加载

zmarn超过 12 年前

alpb超过 12 年前

Crashes Chrome on Mac (only the tab, not the whole process). Of course retweeted it!

lukeman超过 12 年前

I'm sure they'll have a bugfix release out soon to fix this.Nah, just kidding.

ExtraJ超过 12 年前

Retweeted, of course.

zmarn超过 12 年前

Really interesting, played around with it locally and it just kill two random neighboring tabs, while not effecting others.Chrome 24.0.1312.57 | OS x 10.8.2

renanbirck超过 12 年前

No crash on either Chrome or Firefox on Arch Linux.

webbruce超过 12 年前

Yeah my twitter client is crashing now when I switch to another account that's already logged in.

ihuman超过 12 年前

This twitter account and tweet displays fine on TweetBot for iOS, but causes lag when scrolling.

itistoday2超过 12 年前

How do you type this on a Mac?

评论 #5237726 未加载

cleverjake超过 12 年前

This is crashing nightly webkit as well, so it is likely an issue there.

zemanel超过 12 年前

Crashing for me too .. can't open Twitter.app ...OS X 10.8.2 (12C60)

Void_超过 12 年前

It also crashes Sublime Edit when pasted.

younata超过 12 年前

firefox 18.0.2 on osx seems to survive...

评论 #5237613 未加载

sebastianavina超过 12 年前

correct me if i'm wrong, but somebody is working right now to use this bug in some piece of malicious code...

keikun17超过 12 年前

Aaaand i locked myself out of twitter.

Systemic33超过 12 年前

No crash on Chromium with Arch Linux

eridius超过 12 年前

Doesn't crash Tweetbot or Safari.

cicloid超过 12 年前

Also crashes Tweetbot on the Mac

评论 #5238468 未加载

eunice超过 12 年前

Doesn't crash Safari on 10.8.2

youngerdryas超过 12 年前

评论 #5238018 未加载

评论 #5237762 未加载

camus超过 12 年前

should it be considered as a new form of attack ? utf attack , or utf malware ( that's a question ).