
Tweet crashes Mac Twitter client - kikibobo69
http://www.jwz.org/blog/2013/02/you-doom-us-all-to-inhuman-toil-for-the-one-whose-name-cannot-be-expressed-in-one-hundred-forty-characters/
======
mmastrac
The offending tweet content:

    
    
          ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ
    
    

Edit: I've narrowed it down to the following byte sequence. I can't seem to
remove any of the characters without it no longer crashing:

    
    
        00000000  d9 88 d2 88 cd a5 cd a8  cd aa cd af 20 d2 88 d2  |............ ...|
        00000010  88 d2 88                                          |...|
        00000013
    

Hixie's unicode decoder says this is:

    
    
        U+0648 ARABIC LETTER WAW character (&#x0648;)
        U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;)
        U+0365 COMBINING LATIN SMALL LETTER I character (&#x0365;)
        U+0368 COMBINING LATIN SMALL LETTER C character (&#x0368;)
        U+036A COMBINING LATIN SMALL LETTER H character (&#x036A;)
        U+036F COMBINING LATIN SMALL LETTER X character (&#x036F;)
        U+0020 SPACE character
        U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;)
        U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;)
        U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (&#x0488;)

~~~
spdy
Interesting on chrome Version 24.0.1312.57 the tab crashes when i try to view
the tweet but not here.

Can someone explain what is happening and why the tweet is affecting the tab
and this post does not?

In the end both just render unicode characters. And it looks like only Firefox
is able to display it correctly on OSX 10.8.

~~~
DouweM
Chrome uses OS X's CoreText for rendering the tab titles, but uses its own
text rendering engine for the site body. CoreText is the one that crashes on
that unicode.

~~~
NelsonMinar
And apparently Twitter puts the content of a tweet in the <title> tag if you
are on the page for a single tweet. Surprised that doesn't cause more
problems.

~~~
lutusp
> And apparently Twitter puts the content of a tweet in the <title> tag if you
> are on the page for a single tweet.

Nope, Twitter uses a shortened, ellipsized version of the tweet as <title> ...
</title>. Still, if there's Unicode in the shortened version, it might have
the same outcome.

------
a_p
This is the tweet in html character entity form:

    
    
      &#1607;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#875;&#876;&#873;&#878;&#872;&#874;&#879;&#869;&#869;&#875;&#874;&#871;&#867;&#879;&#874;&#872;&#867;&#869;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#869;&#872;&#874;&#875;&#876;&#877;&#878;&#879;&#869;&#868;&#867;&#869;&#872;&#874;&#871;&#867;&#879;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#872;&#874;&#875;&#876;&#873;&#878;&#879;&#869;&#872;&#867;&#869;&#875;&#874;&#871;&#867;&#879;&#869;&#876;&#874;

~~~
Groxx
Would you mind indenting that two spaces so it shows up

    
    
      like this
    

rather than breaking the page layout?

------
bsg75
And unfollowing only solves the problem until someone in your stream retweets
it.

So I retweeted it.

------
eksith
Rendering any typeable character(s) should never crash any engine... ever.
That said, unicode seems to be the last frontier for the non-viral spread of
glitches.

I'm somewhat reminded of this : <http://stackoverflow.com/a/1732454>

------
signed0
It also crashes Chrome's current tab on OSX: <http://imgur.com/vRn6Qid>

~~~
_delirium
Weird, not for me. No crash with Chrome 24.0.1312.57 on OSX 10.6.8.

~~~
signed0
I'm using 24.0.1312.57 on OSX 10.8.2. Perhaps it is a Lion/Mountain Lion
thing.

~~~
Rayne
I'm using Mountain Lion as well, and no crashes.

~~~
csmattryder
Windows 7 - Google Chrome 24.0.1312.57m

It's a little laggy, but it's rendering okay. Might be an OSX-localised issue.

------
duskwuff
For at least one application, the crash is in:

    
    
        0   libvDSP.dylib                 	? + 117458
        1   com.apple.CoreText            	TRun::TRun(TRun const&, CFRange, TRun::SubrangingStyle) + 850
        2   com.apple.CoreText            	CTGlyphRun::CloneRange(CTRun const*, CFRange, TRun::SubrangingStyle) + 142
        3   com.apple.CoreText            	TLine::SetLevelRange(CFRange, unsigned char, bool) + 162
        4   com.apple.CoreText            	TLine::SetTrailingWhitespaceLevel(unsigned char) + 70
        5   com.apple.CoreText            	TRunReorder::ReorderRuns(TBidiLevelsProvider const&, TLine&) + 122
        6   com.apple.CoreText            	TTypesetter::FinishLineFill(TLine&, double, double) const + 142
        7   com.apple.CoreText            	CTTypesetterCreateLine + 131
    

I'm not familar enough with CoreText internals to guess what's going wrong,
though. :)

------
ihsw
Is it simply zalgo text? <http://eeemo.net/>

------
niggler
Is this a mountain lion issue or does this affect lion and SL as well?

~~~
_delirium
Not seeing any crashes on 10.6.x ("Snow Lion") here.

~~~
Zirro
It's "Snow Leopard". Apple isn't running low enough on cats to have to resort
to mythological ones just yet ;-)

~~~
_delirium
Hah, you are of course correct. I can never keep the order of OSX cats
straight, so I had to look up which one 10.6.x was. But then I typed it out
wrong even after doing so!

~~~
niggler
Unfortunately SL,L,ML doesn't suffice because Leopard (10.5) is also L :/

Though it should be noted that there is no other version that starts with 'S'
...

------
general_failure
Does anyone else see something funky at the top most comments?

~~~
emiliobumachar
I do. Some justaposition of random chars. I'm on an iPad, what's your machine?

~~~
kawsper
I see it on my Macbook in Chrome running on Mountain Lion.

------
zmarn
Ok, I narrowed down what kills Chrome.

minimalist example:

    
    
      data:text/html;charset=utf-8,<p style='font-family: "Times New Roman";'>%D9%88%20%D2%88%D2%88%D2%88
    
    

It seems to be a problem with utf-8 vs. unicode + Times New Roman.

tested on: Chrome 24.0.1312.57 | OS x 10.8.2

Edit: also works with other fonts for example Arial

------
alpb
Crashes Chrome on Mac (only the tab, not the whole process). Of course
retweeted it!

------
lukeman
I'm sure they'll have a bugfix release out soon to fix this.

Nah, just kidding.

------
ExtraJ
Retweeted, of course.

------
zmarn
Really interesting, played around with it locally and it just kill two random
neighboring tabs, while not effecting others.

Chrome 24.0.1312.57 | OS x 10.8.2

------
renanbirck
No crash on either Chrome or Firefox on Arch Linux.

------
webbruce
Yeah my twitter client is crashing now when I switch to another account that's
already logged in.

------
ihuman
This twitter account and tweet displays fine on TweetBot for iOS, but causes
lag when scrolling.

------
itistoday2
How do you type this on a Mac?

~~~
myhf
You could turn on "Unicode Hex Input" in System Preferences > Language & Text
> Input Sources and type in the unicode characters one at a time.

------
cleverjake
This is crashing nightly webkit as well, so it is likely an issue there.

------
zemanel
Crashing for me too .. can't open Twitter.app ...

OS X 10.8.2 (12C60)

------
Void_
It also crashes Sublime Edit when pasted.

------
younata
firefox 18.0.2 on osx seems to survive...

~~~
shardling
Though it does do unholy things to the tab/window title... :)

------
sebastianavina
correct me if i'm wrong, but somebody is working right now to use this bug in
some piece of malicious code...

------
keikun17
Aaaand i locked myself out of twitter.

------
Systemic33
No crash on Chromium with Arch Linux

------
eridius
Doesn't crash Tweetbot or Safari.

------
cicloid
Also crashes Tweetbot on the Mac

~~~
objclxt
If it's a CoreText bug, which is sounds like it is, it's going to impact any
iOS or OS X app that uses Core Text for rendering. That's pretty much
everyone.

------
eunice
Doesn't crash Safari on 10.8.2

------
youngerdryas
<p class="js-tweet-text tweet-text
">ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ</p>

Cool.

.

.

Edit: Apparently it is only the unicode

>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ
҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ

.

.

.

How is this possible?

~~~
dade_
Your post corrupts the rendering of this page on my iPad (4 iOS 6).

<http://s20.postimage.org/6athqkm3h/image.jpg>

~~~
youngerdryas
I know I see the same on Windows and OSX. Apparently it has something to do
with Unicode scripts.

<http://en.wikipedia.org/wiki/Script_(Unicode)>

Edit: It is slightly different looking on Win7.

------
camus
should it be considered as a new form of attack ? utf attack , or utf malware
( that's a question ).

