Tweet crashes Mac Twitter client (jwz.org)
93 points by kikibobo69 1318 days ago | 57 comments



The offending tweet content:

      ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ

Edit: I've narrowed it down to the following byte sequence. I can't seem to remove any of the characters without it no longer crashing:

    00000000  d9 88 d2 88 cd a5 cd a8  cd aa cd af 20 d2 88 d2  |............ ...|
    00000010  88 d2 88                                          |...|
    00000013

Hixie's unicode decoder says this is:

    U+0648 ARABIC LETTER WAW character (و)
    U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (҈)
    U+0365 COMBINING LATIN SMALL LETTER I character (ͥ)
    U+0368 COMBINING LATIN SMALL LETTER C character (ͨ)
    U+036A COMBINING LATIN SMALL LETTER H character (ͪ)
    U+036F COMBINING LATIN SMALL LETTER X character (ͯ)
    U+0020 SPACE character
    U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (҈)
    U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (҈)
    U+0488 COMBINING CYRILLIC HUNDRED THOUSANDS SIGN character (҈)


Interesting: on Chrome version 24.0.1312.57 the tab crashes when I try to view the tweet, but not here.

Can someone explain what is happening and why the tweet is affecting the tab and this post does not?

In the end both just render unicode characters. And it looks like only Firefox is able to display it correctly on OSX 10.8.


Chrome uses OS X's CoreText for rendering the tab titles, but uses its own text rendering engine for the site body. CoreText is the one that crashes on that unicode.


Meanwhile on Chromium 26.0.1384.0 (build 176849) on OS X Lion everything is fine for me. The titlebar is (appropriately for the typography) messed up, but there are no tab loading issues, cpu/memory spikes, or screen corruption. The closest thing to an issue I see is that it makes using Witch's window switch dialogue a bit ugly. Contrary to the thread on jwz's journal YoruFukurou 2.77 doesn't crash or misbehave for me viewing that tweet, but behind the scenes fontd uses up a decent chunk of cpu for several seconds. Perhaps Mountain Lion has more severe bugs in CoreText?


And apparently Twitter puts the content of a tweet in the <title> tag if you are on the page for a single tweet. Surprised that doesn't cause more problems.


> And apparently Twitter puts the content of a tweet in the <title> tag if you are on the page for a single tweet.

Nope, Twitter uses a shortened, ellipsized version of the tweet as <title> ... </title>. Still, if there's Unicode in the shortened version, it might have the same outcome.


After reducing the html-code in the site, it seems to me that it is not the title that causes the crash, but the p-tag with the specific css-style applied.


Wow that renders all sorts of glitchy on iPad/safari


This is the tweet in html character entity form:

  &#1607;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#875;&#876;&#873;&#878;&#872;&#874;&#879;&#869;&#869;&#875;&#874;&#871;&#867;&#879;&#874;&#872;&#867;&#869;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#869;&#872;&#874;&#875;&#876;&#877;&#878;&#879;&#869;&#868;&#867;&#869;&#872;&#874;&#871;&#867;&#879;&#876;&#874;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#1160;&#874;&#872;&#874;&#875;&#876;&#873;&#878;&#879;&#869;&#872;&#867;&#869;&#875;&#874;&#871;&#867;&#879;&#869;&#876;&#874;


Would you mind indenting that two spaces so it shows up

  like this

rather than breaking the page layout?


And unfollowing only solves the problem until someone in your stream retweets it.

So I retweeted it.


Rendering any typeable character(s) should never crash any engine... ever. That said, unicode seems to be the last frontier for the non-viral spread of glitches.

I'm somewhat reminded of this: http://stackoverflow.com/a/1732454


It also crashes Chrome's current tab on OSX: http://imgur.com/vRn6Qid


Weird, not for me. No crash with Chrome 24.0.1312.57 on OSX 10.6.8.


I'm using 24.0.1312.57 on OSX 10.8.2. Perhaps it is a Lion/Mountain Lion thing.


I'm using Mountain Lion as well, and no crashes.


Windows 7 - Google Chrome 24.0.1312.57m

It's a little laggy, but it's rendering okay. Might be an OSX-localised issue.


Maybe depends upon language settings?


Not for me either with the same version. It doesn't even render, but it doesn't crash.


It does for me too. But not the neighbour tabs. Also 24.0.1312.57 on OS X 10.8.2.


For at least one application, the crash is in:

    0   libvDSP.dylib                 	? + 117458
    1   com.apple.CoreText            	TRun::TRun(TRun const&, CFRange, TRun::SubrangingStyle) + 850
    2   com.apple.CoreText            	CTGlyphRun::CloneRange(CTRun const*, CFRange, TRun::SubrangingStyle) + 142
    3   com.apple.CoreText            	TLine::SetLevelRange(CFRange, unsigned char, bool) + 162
    4   com.apple.CoreText            	TLine::SetTrailingWhitespaceLevel(unsigned char) + 70
    5   com.apple.CoreText            	TRunReorder::ReorderRuns(TBidiLevelsProvider const&, TLine&) + 122
    6   com.apple.CoreText            	TTypesetter::FinishLineFill(TLine&, double, double) const + 142
    7   com.apple.CoreText            	CTTypesetterCreateLine + 131

I'm not familiar enough with CoreText internals to guess what's going wrong, though. :)


Is it simply zalgo text? http://eeemo.net/


Is this a mountain lion issue or does this affect lion and SL as well?


Not seeing any crashes on 10.6.x ("Snow Lion") here.


It's "Snow Leopard". Apple isn't running low enough on cats to have to resort to mythological ones just yet ;-)


Hah, you are of course correct. I can never keep the order of OSX cats straight, so I had to look up which one 10.6.x was. But then I typed it out wrong even after doing so!


Unfortunately SL,L,ML doesn't suffice because Leopard (10.5) is also L :/

Though it should be noted that there is no other version that starts with 'S' ...


Does anyone else see something funky at the top most comments?


I do. Some juxtaposition of random chars. I'm on an iPad, what's your machine?


I see it on my Macbook in Chrome running on Mountain Lion.


Yes, looks like this: http://s20.postimage.org/6athqkm3h/image.jpg

Interesting bug.


Ok, I narrowed down what kills Chrome.

minimalist example:

  data:text/html;charset=utf-8,<p style='font-family: "Times New Roman";'>%D9%88%20%D2%88%D2%88%D2%88

It seems to be a problem with utf-8 vs. unicode + Times New Roman.

tested on: Chrome 24.0.1312.57 | OS x 10.8.2

Edit: also works with other fonts for example Arial


Crashes Chrome on Mac (only the tab, not the whole process). Of course retweeted it!


I'm sure they'll have a bugfix release out soon to fix this.

Nah, just kidding.


Retweeted, of course.


Really interesting, played around with it locally and it just kills two random neighboring tabs, while not affecting others.

Chrome 24.0.1312.57 | OS x 10.8.2


No crash on either Chrome or Firefox on Arch Linux.


Yeah my twitter client is crashing now when I switch to another account that's already logged in.


This twitter account and tweet displays fine on TweetBot for iOS, but causes lag when scrolling.


How do you type this on a Mac?


You could turn on "Unicode Hex Input" in System Preferences > Language & Text > Input Sources and type in the unicode characters one at a time.


This is crashing nightly webkit as well, so it is likely an issue there.


Crashing for me too .. can't open Twitter.app ...

OS X 10.8.2 (12C60)


It also crashes Sublime Edit when pasted.


firefox 18.0.2 on osx seems to survive...


Though it does do unholy things to the tab/window title... :)


Correct me if I'm wrong, but somebody is working right now to use this bug in some piece of malicious code...


Aaaand I locked myself out of Twitter.


No crash on Chromium with Arch Linux


Doesn't crash Tweetbot or Safari.


Also crashes Tweetbot on the Mac


If it's a CoreText bug, which it sounds like it is, it's going to impact any iOS or OS X app that uses Core Text for rendering. That's pretty much everyone.


Doesn't crash Safari on 10.8.2


<p class="js-tweet-text tweet-text ">ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ</p>

Cool.

.

.

Edit: Apparently it is only the unicode

>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ>ه҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͫͬͩͮͨͪͯͥͥͫͪͧͣͯͪͨͣͥͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͥͨͪͫͬͭͮͯͥͤͣͥͨͪͧͣͯͬͪ ҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈҈ͪͨͪͫͬͩͮͯͥͨͣͥͫͪͧͣͯͥͬͪ

.

.

.

How is this possible?


Your post corrupts the rendering of this page on my iPad (4 iOS 6).

http://s20.postimage.org/6athqkm3h/image.jpg


I know, I see the same on Windows and OSX. Apparently it has something to do with Unicode scripts.

http://en.wikipedia.org/wiki/Script_(Unicode)

Edit: It is slightly different looking on Win7.


Should it be considered a new form of attack? UTF attack, or UTF malware (that's a question).



