back to article Benign bug in iOS and iPadOS crashes gizmos with just four characters

Typing a special four-character string will crash your iPhone thanks to a newly discovered, albeit benign, bug in iOS and iPadOS.  The bug affects SpringBoard, the underlying application that manages iPhone and iPad home screens. Simply typing "":: in a select few search bars within iOS and iPadOS will cause apps to abort in …

  1. TimMaher Silver badge
    Pint

    Yaayyy!!!!

    Got there first!

    Having a beer.

  2. sarusa Silver badge
    FAIL

    Aaaaand another parsing error

    It's amazing (but not amazing) how many times over the decades parsing errors are crashers. Nobody writing parsers ever seems to think of the worst case scenarios, and then of course someone finds it.

    Especially when the parser starts out simple, then a thousand increasingly complex use cases are stacked on top of it. I'm guessing whatever's looking for "[x]" and [y]:[z] are two separate bits of logic in the parser, both added much later, and the "" parsing sets something the : parsing doesn't expect and it goes right off the end of the string.

    This is where fuzz testing helps a lot.

    1. John Robson Silver badge

      Re: Aaaaand another parsing error

      My guess is that "http": wouldn't cause the crash...

      1. doublelayer Silver badge

        Re: Aaaaand another parsing error

        "http": doesn't match the pattern because you need another character after the colon, so it doesn't cause a crash, but "http":/ does. Just tested it. The Settings app didn't like it.

    2. Gene Cash Silver badge

      Re: Aaaaand another parsing error

      Parsers are actually really hard. A lot of the field of compiler theory is writing robust parsers and handling ill-formed text without crashing.

      In a lot of languages, it's actually really difficult to find out exactly where a syntax error is so you can emit an appropriate error message. Are there too many closing braces, or is it actually an opening brace was omitted?

      Edit: I remember a couple BASICs that would just go "syntax error" and not even attempt to tell you which line.

      1. Dinanziame Silver badge
        Trollface

        Re: Aaaaand another parsing error

        This is where Perl is great — whatever you type, it's never a syntax error. It always means something!

        1. Gene Cash Silver badge

          Re: Aaaaand another parsing error

          "It's copy protected... I wrote it in Perl"

      2. Anonymous Coward
        Anonymous Coward

        Re: Aaaaand another parsing error

        That depends quite a bit on just what you're doing and how you're going about it. If doing, say, a Crenshaw-style parser, it's not hard to keep track of exactly where you are in the input and exactly what it is that you're expecting right now to be in there. It is quite limited in what sort of grammar it can parse, but search input should be well within its capabilities. Going backward and forward (with a more advanced method) covering for all the overlapping possibilities is one way that things can get hairy in a hurry.

        Though thinking about this scenario, the quotes might introduce a token even though it turns out to be empty, and the colon might trigger a keyword lookup (like site or inurl or whatever, just guessing here), and the lookup assumes the token isn't empty. If that's the case, then this is a simple broken-and-unchecked assumption.

        1. doublelayer Silver badge

          Re: Aaaaand another parsing error

          It doesn't look that easy because any string inside the quotation marks does the same thing. Maybe there are a few tokens that, if placed in there, would do something and not crash, but if so, it's not just a missing check for an empty string but a check for being present in a list of recognized tokens.

      3. that one in the corner Silver badge

        Re: Aaaaand another parsing error

        > In a lot of languages, it's actually really difficult to find out exactly where a syntax error is so you can emit an appropriate error message. Are there too many closing braces, or is it actually an opening brace was omitted?

        True, some languages are very hard to parse. C++ can be a right bugger.

        But why is there anything even vaguely complicated to parse in a search box for Settings or Notes? What could even need proper parsing? That is, anything more complicated than a bit of lexing or even, dare I say it, trying out a few select regexs on the input?

        Someone suggested that the presence of colons in the trigger phrases could be related to looking for URLs - in which case, what kind of URL starts with quotes (or are those apostrophes, no matter, same response)?[1]

        If you have a search box routinely worrying about such things as matching parentheses then something has gone very wrong somewhere!

        [1] before you ask, yes, I have written a lexer that looks for URLs, as part of a Wiki parser - which never generates an error message, a "failed" parse just gives up and leaves that bit untouched, attaching no special significance to it - which is what I'd expect a search box to do when you gave it "malformed input": just search for that exact string without even attempting whatever cleverness it was hoping to do. Duff URLs don't get converted into hyperlinks, loony dates don't get added to the timeline, malformed smileys are not replaced by any appropriate image.

    3. Dinanziame Silver badge
      Coat

      Fuzz testing

      A test engineer enters a bar and orders a beer

      A test engineer enters a bar and orders a thousand beer

      A test engineer enters a bar and orders zero beer

      A test engineer enters a bar and orders minus one beer

      A test engineer enters a bar and orders NaN beer

      A test engineer enters a bar and orders beer

      A test engineer enters a bar and orders a coat

      ...

      1. Robin

        Re: Fuzz testing

        I've only ever got as far as the second test, but it never succeeds. I keep re-running the test from time to time, though...

      2. redpola

        Re: Fuzz testing

        A test engineer enters a bar, runs a brute force fuzzer against the code, and observes a thousand crashes.

        Which should they raise as defect reports, knowing that raising all 1000 defect reports will crash the engineering team for a six months?

      3. MonkeyJuice Bronze badge

        Re: Fuzz testing

        A scrum master then enters the bar and orders a long island ice tea.

        The bar explodes.

  3. VicMortimer Silver badge

    Does not work on iOS 18 public beta 5.

    Works on iOS 16.7.10.

    1. PRR Silver badge

      Does not work on 15.8.3 on iPhone 7 (no SIM card)

    2. Anonymous Coward
      Anonymous Coward

      Inquiring bug triagers want to know

      When you say it "works on", do you mean the attempt to cause a problem did cause a problem, so the method to *break* the phone works, or did you mean that the *phone* works without a problem, i.e. the attempt to cause a problem did not work?

      And did you mean "whatever I meant, it happens that way on the one or two devices I happen to have to hand" or "across all 127 devices I was able to test" or "I'm just reporting what a bloke down the pub told me is going on"?

  4. Anonymous Coward
    Anonymous Coward

    Trying it on my devi

    1. Anonymous Coward
      Anonymous Coward

      Hahaha, well done.

      :)

    2. Anonymous Coward
      Anonymous Coward

      I don't get it!

      1. collinsl Silver badge

        Well if you type in the code then your comment suddenly

        1. Anonymous Coward
          Anonymous Coward

          Oh, thanks!

          I was overthinking it. I was trying to work out where " " : : would come into that sentence!

  5. Neil Barnes Silver badge
    Angel

    ...but it didn't immediately respond

    Perhaps you shouldn't have included the miscreant string in your request?

  6. Eponymous Bastard
    Thumb Up

    Well I never!

    Stifling guffaws.

  7. gnasher729 Silver badge

    It’s a different thing if you have that kind of crash while you are in the process of rebooting a PC. If you result is an attempt to reboot again, which crashes again and so on.

  8. Anonymous Coward
    Anonymous Coward

    Found one on Linux

    I typed in the letter sequence reboot in a terminal and the whole OS restarted.

    1. Mishak Silver badge

      Back in the days of DOS...

      A friend was using Word (2?) and couldn't remember the shortcut sequence for some formatting so started randomly trying things.

      The screen suddenly went blank and the machine restarted - turns out ctrl-alt-del was the shortcut for "drop this document".

    2. TimMaher Silver badge
      Coat

      Re: Found one on Linux

      Was that with or without a “sudo” ?

      Just asking for a coat.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like