
Comment by Orangeair

7 years ago

Come to think of it, I believe I've heard of multiple "making the device render this text causes a crash" bugs for Apple devices, but never on any other platforms. Is this type of bug just that much more common on Apple devices, or are there plenty of other cases out there that I just don't know about?

> but never on any other platforms

There have been numerous crash-bugs for the Windows font renderer, and even security exploits using it (especially before Windows 10, as earlier than that font rendering was performed in the kernel's space rather than user-land). I wouldn't be surprised to learn of issues (at least of the falling over variety) in common Linux rendering engines and for other OSs too.

Not just simple text, it's UTF-8. Rendering these UTF-8 "text bombs" seems to DoS several applications. This particular one crashes the Messages app in iOS, crashes the tab in Chrome, and locks up Firefox. It also crashes several text editors which support UTF-8. Opens quickly in Notepad, but takes several minutes in WordPad and is very laggy when scrolling.

More of a potential problem than an existing one, but I know potential issues have shaped how fonts are delivered on Android:

A recent version of the OS + support lib added the possibility to reference a font in your app in order to have it downloaded (if necessary) and applied to your views.

IIRC it is restricted to one font delivery system only allowing fonts available on Google Fonts. Not because of a power grab, but because fonts are not just graphics but also run a bunch of code.

So unrestricted access would have been a big security hole.

If you want more details, the font team talked about it at length during an Android Developer Backstage podcast episode.

In the 90s, there was a type of AOL punter (basically DoS attacks for AOL users) that would just IM people tons of HTML tags (e.g. <h3><h3><h3>hello</h3></h3></h3> but many more nested tags) and it would freeze AOL trying to render it and kick people off the internet. They eventually fixed it.

> or are there plenty of other cases out there that I just don't know about?

Yeah, go on IRC sometime and you'll probably find out relatively quickly.

Plenty of magic strings that break things on various platforms, hardly just an OS X thing.

I suppose because SMS/messages is tightly integrated with the operating system. It goes from the baseband, through the kernel.