Last active
October 3, 2019 18:18
Explaining the File:/// bug. See also http://openradar.appspot.com/13128709
In DDResultCopyExtractedURL in the DataDetectorsCore.framework, file:// URLs are sanity-checked with an assert:
0xCB86 loc_CB86:
0xCB86 lea rsi, cfstr_File ; "file://"
0xCB8D mov rdi, rbx
0xCB90 call _CFStringHasPrefix ; Check if the string starts with 'file://'
; Yes, this is case sensitive, which is why the test fails
0xCB95 test al, al
0xCB97 jne short loc_CBD4 ; If CFStringHasPrefix returns true, jump past the assert
; Otherwise, the following code triggers an assert:
0xCB99 lea rdi, aCfstringhaspre ; "CFStringHasPrefix(urlVal, CFSTR(\"file:/"...
0xCBA0 lea rsi, aSourcecache_51 ; "/SourceCache/DataDetectorsCore/DataDete"...
0xCBA7 lea rdx, aDdresultcopy_1 ; "DDResultCopyExtractedURL"
0xCBAE lea r14, cfstr_WrongExtractio ; "wrong extraction: %@"
0xCBB5 mov ecx, 628h
0xCBBA mov r8, r14
0xCBBD mov r9, rbx
0xCBC0 xor al, al
0xCBC2 call _DDLogAssertionFailure
0xCBC7 mov rdi, r14
0xCBCA mov rsi, rbx
0xCBCD xor al, al
0xCBCF call _DDCrash
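The logic flaw above, sketched in C as an added example (not Apple's code and not part of the original gist): the strict check has the same shape as the CFStringHasPrefix test, and the hardened version compares the scheme case-insensitively and returns an error instead of asserting on input-derived data. The function names, status codes and sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Same shape as the check in the disassembly: exact, case-sensitive prefix. */
static int has_file_prefix_strict(const char *url) {
    return strncmp(url, "file://", 7) == 0;
}

/* URI schemes are case-insensitive (RFC 3986, section 3.1), so compare the
 * input lower-cased against the lower-case literal. */
static int has_file_prefix(const char *url) {
    const char *p = "file://";
    for (; *p; p++, url++)
        if (tolower((unsigned char)*url) != *p)
            return 0;
    return 1;
}

enum extract_status { EXTRACT_OK = 0, EXTRACT_NOT_FILE_URL = -1, EXTRACT_TOO_LONG = -2 };

/* Hypothetical extractor: copies the URL with a normalised lower-case scheme.
 * A mismatch in text the process merely received is reported to the caller,
 * never asserted on, so displayed text cannot abort the process. */
int extract_file_url(const char *text, char *out, size_t outlen) {
    if (text == NULL || out == NULL || !has_file_prefix(text))
        return EXTRACT_NOT_FILE_URL;
    size_t rest = strlen(text + 7);
    if (outlen < 7 + rest + 1)
        return EXTRACT_TOO_LONG;
    memcpy(out, "file://", 7);
    memcpy(out + 7, text + 7, rest + 1);
    return EXTRACT_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const char *samples[] = { "file:///tmp/a", "File:///tmp/a", "http://example.com/" };
    char buf[64];
    for (size_t i = 0; i < 3; i++) {
        int rc = extract_file_url(samples[i], buf, sizeof buf);
        printf("%-22s strict=%d rc=%d %s\n", samples[i],
               has_file_prefix_strict(samples[i]), rc, rc == EXTRACT_OK ? buf : "");
    }
    return 0;
}
```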
Evil fix for x86_64 / 10.8.2. ____Don't actually use this____. This is just for entertainment.
We just change the 'jne' to an unconditional 'jmp':
printf '\xeb' | dd bs=1 seek=646039 count=1 conv=notrunc of=/System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/Current/DataDetectorsCore
e.g.,
0xCB97 jne short loc_CBD4 ; If CFStringHasPrefix returns true, jump past the assert
.... becomes:
0xCB97 jmp short loc_CBD4 ; Always jump past the assert
And now you no longer crash.
@pvaibhav: Actually, the DataDetectorsCore bundle fails Code Signing verification out of the box, so applying this patch will have no additional adverse effects on the validity of the bundle (the error message will change but ultimately it was invalid in the first place). I've been running with this binary patch for at least 12 hours and I've noticed no problems. I'd back up the original version anyway, though, there's no telling what Software Update might do when 10.8.3 comes out.
@landonf: patch for the 32-bit version: printf '\xeb' | dd bs=1 seek=58303 count=1 conv=notrunc of=/System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/Current/DataDetectorsCore
Won't this fail Code Signing checks on the binary? Also, won't not restarting after patching cause problems with unified buffer cache (probably that binary is already loaded and cached)?