List of software bugs

Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being. The following is a list of software bugs with significant consequences.

Space

  • A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).[1] The initial reporting of the cause of this bug was incorrect.[2]
  • NASA's 1965 Gemini 5 mission landed 80 miles (130 km) short of its intended splashdown point due to an incorrect constant for the Earth's rotation rate. The rotation rate corresponding to the 24 hour solar day was used instead of the rotation rate relative to the fixed stars. The shorter length of the first three missions and a computer failure on Gemini 4 prevented the bug from being detected earlier.[3]
  • The Russian Space Research Institute's Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).[4]
  • The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.[5][6]
  • In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which was found in preflight testing but given a low priority as it only occurred in certain unanticipated heavy-load conditions.[7] The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.[8]
  • In 2000, a Zenit 3SL launch failed due to faulty ground software not closing a valve in the rocket's second stage pneumatic system.[9]
  • The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.[10]
  • NASA Mars Polar Lander was destroyed because its flight software mistook vibrations caused by the deployment of the stowed legs for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).[11]
  • Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands based on parameters in pound-force (lbf) rather than newtons (N).
  • A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).[12][13]
  • NASA's Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover's flash memory. It was restored to working condition after deleting unnecessary files.[14]
  • Japan's Hitomi astronomical satellite was destroyed on March 26, 2016, when a thruster fired in the wrong direction, causing the spacecraft to spin faster instead of stabilize.[15]
  • Israel's first attempt to land an unmanned spacecraft on the moon with the Beresheet was rendered unsuccessful on April 11, 2019 due to a software bug with its engine system, which prevented it from slowing down during its final descent on the moon's surface. Engineers attempted to correct this bug by remotely rebooting the engine, but by the time they regained control of it, Beresheet could not slow down in time to avert a hard crash landing that disintegrated it.[16]

Medical

  • A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of beta radiation.[17][18][19]
  • Radiation therapy planning software RTP/2 created by Multidata Systems International could incorrectly double the dosage of radiation depending on how the technician entered data into the machine. At least eight patients died, while another 20 received overdoses likely to cause significant health problems (November 2000).[20] See also Instituto Oncológico Nacional § Accident.
  • A Medtronic heart device was found vulnerable to remote attacks (2008-03).[21]
  • The Becton Dickinson Alaris Gateway Workstation allows unauthorized arbitrary remote execution (2019).[22][23]
  • The CareFusion Alaris pump module (8100) will not properly delay an Infusion when the "Delay Until" option or "Multidose" feature is used (2015).[24]

Tracking years

  • The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.[25]
  • A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 2^31 − 1 (2,147,483,647) seconds.[26]
  • An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers' cards as expired.[27]

Electric power transmission

Administration

  • The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.

Telecommunications

  • AT&T long-distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long-distance network.[29][30]
  • In January 2009, Google's search engine erroneously notified users that every web site worldwide was potentially malicious, including its own.[31]
  • In May 2015, iPhone users discovered a bug where sending a certain sequence of characters and Unicode symbols as a text to another iPhone user would crash the receiving iPhone's SpringBoard interface,[32] and may also crash the entire phone, induce a factory reset, or disrupt the device's connectivity to a significant degree,[33] preventing it from functioning normally. The bug persisted for weeks, gained substantial notoriety and saw a number of individuals using the bug to play pranks on other iOS users, before Apple eventually patched it on June 30, 2015 with iOS 8.4.

Military

Media

  • In the Sony BMG copy protection rootkit scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD.[40] Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.[41]

Video gaming

  • Eve Online's deployment of the Trinity patch erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.[42]
  • The Corrupted Blood incident was a software bug in World of Warcraft that caused a deadly, debuff-inducing virtual disease that could only be contracted during a particular raid to be set free into the rest of the game world, leading to numerous, repeated deaths of many player characters. This caused players to avoid crowded places in-game, just like in a "real world" epidemic, and the bug became the center of some academic research on the spread of infectious diseases.[43]
  • On June 6, 2006, the online game RuneScape suffered from a bug that enabled certain player characters to kill and loot other characters who were unable to fight back. The game still thought the affected characters were in player-versus-player mode even after they were kicked out of a combat ring from the house of a player who was suffering from lag while celebrating an in-game accomplishment. Players who were killed by the glitched characters lost many items. The bug was so devastating that the players who were abusing it were soon tracked down, caught and banned permanently from the game, but not before they had laid waste to the region of Falador, thus christening the bug "Falador Massacre".[44]
  • In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.[45]
  • Upon initial release, the ZX Spectrum game Jet Set Willy was impossible to complete because of a severe bug that corrupted the game data, causing enemies and the player character to be killed in certain rooms of the large mansion where the entire game takes place.[46] The bug, known as "The Attic Bug", would occur when the player entered the mansion's attic, which would then cause an arrow to travel offscreen, out of the Spectrum's memory and into the game's memory, altering crucial variables and behavior in an undesirable way. The game's developers initially excused this bug by claiming that the affected rooms were death traps, but ultimately owned up to it and issued instructions to players on how to fix the game itself.[47]
  • The first game in the Civilization series contained a notorious bug that caused one of the world leaders, Mahatma Gandhi, to behave like an aggressive warmonger, despite being known for advocating peace in the real world. The bug, which became famously known as Nuclear Gandhi, became possible when Gandhi's aggression rating, represented as an 8-bit unsigned integer, was set to the lowest positive value of 1. If the player chose to democratize his native India, the rating would decrease by two, causing it to roll over back to the highest value, 255, thus making him the most aggressive leader in the game. The bug was so famous that the developers decided to allow players to deliberately goad Gandhi into aggressive conflict in later sequels.[48]
  • One of the free demo discs issued to PlayStation Underground subscribers in the United States contained a serious bug, particularly in the demo for Viewtiful Joe 2, that would not only crash the PlayStation 2, but would also unformat any memory cards that were plugged into that console, erasing any and all saved data on them.[49] The bug was so severe that Sony had to apologize for it and send out free copies of other PS2 games to affected players as consolation.[50]
  • Due to a severe programming error, much of the Nintendo DS game Bubble Bobble Revolution is unplayable because a mandatory boss fight failed to trigger in the 30th level.[51]
  • An update for the Xbox 360 version of Guitar Hero II, which was intended to fix some issues with the whammy bar on that game's guitar controllers, came with a bug that caused some consoles to freeze, or even stop working altogether, producing the infamous "red ring of death".[52]
  • Valve's Steam client for Linux could accidentally delete all the user's files in every directory on the computer. This happened to users who had moved Steam's installation directory.[53] The bug is the result of unsafe shell script programming:

    STEAMROOT="$(cd "${0%/*}" && echo $PWD)"

    # Scary!
    rm -rf "$STEAMROOT/"*

The first line tries to find the script's containing directory. This could fail, for example if the directory was moved while the script was running, invalidating the "selfpath" variable $0. It would also fail if $0 contained no slash character, or contained a broken symlink, perhaps mistyped by the user. Because the assignment relies on the && conditional, and set -e was not in effect to terminate the script on failure, the result of a failure was the empty string. This failure mode was not checked, only commented as "Scary!". Finally, in the deletion command, the slash character, which normally serves as the path concatenation operator, takes on a very different meaning when the string before it is empty: it then names the root directory.
  • Minus World is an infamous glitch level from the 1985 game Super Mario Bros., accessed by using a bug to clip through walls in level 1-2 to reach its "warp zone", which leads to the said level.[54] As this level is endless, triggering the bug that takes the player there will make the game impossible to continue until the player resets the game or runs out of lives.
  • "MissingNo." is a glitch Pokémon species present in Pokémon Red and Blue, which can be encountered by performing a particular sequence of seemingly unrelated actions. Capturing this Pokémon may corrupt the game's data, according to Nintendo[55][56][57] and some of the players who successfully attempted this glitch. This is one of the most famous bugs in video game history, and continues to be well-known.[58]
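
The Steam for Linux failure described above can be reproduced and guarded against as follows. This is an added example, not Valve's script or part of the original article; the function names and the `.install-marker` file are assumptions made for illustration, and the demo only touches a directory it creates with mktemp.

```shell
#!/bin/sh
# Added example: not Valve's script. Function names and the marker file are
# hypothetical; every path used below is created with mktemp.

# Same expression as the snippet above, applied to an argument instead of $0
# so it can be exercised safely. A failed cd prints nothing.
resolve_root() {
    (cd "${1%/*}" 2>/dev/null && echo "$PWD")
}

# What the shell is asked to expand for: rm -rf "$ROOT/"*
unsafe_target() {
    printf '%s\n' "$1/*"
}

# Guarded deletion: every way the root can be wrong gets its own exit status.
safe_purge() {
    root=$1
    [ -n "$root" ] || { echo "refusing: empty root" >&2; return 2; }
    [ -d "$root" ] || { echo "refusing: not a directory: $root" >&2; return 3; }
    # Canonicalise so "//" or "/tmp/.." cannot hide the root directory.
    root=$(cd "$root" 2>/dev/null && pwd -P) || return 3
    [ "$root" != "/" ] || { echo "refusing: root directory" >&2; return 4; }
    # Only delete inside a tree the installer marked as its own
    # (.install-marker is a made-up name for this example).
    [ -f "$root/.install-marker" ] || { echo "refusing: no marker in $root" >&2; return 5; }
    # ${root:?} makes the shell abort rather than expand an empty variable.
    rm -rf -- "${root:?}"/*
}

demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/steam"
    : > "$tmp/steam/.install-marker"
    : > "$tmp/steam/old.bin"
    # Directory "moved": the path in $0 no longer exists. The exit status is
    # ignored here on purpose, as it was in the original assignment.
    moved=$(resolve_root "$tmp/gone/steam.sh") || true
    echo "resolved root: '$moved'"
    echo "unguarded rm would expand: '$(unsafe_target "$moved")'"
    safe_purge "$moved" || echo "guarded purge refused, status $?"
    safe_purge "$tmp/steam" && echo "guarded purge of the real install succeeded"
    rm -rf -- "$tmp"
}
demo
```

Because the glob `/*` does not match dotfiles, the marker file survives a purge and the directory stays recognisable as an install tree.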

Encryption

  • In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the "random" numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.[59]
  • Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shutdown of the Canada Revenue Agency's public access to the online filing portion of its website[60] following the theft of social insurance numbers.[61]
  • The Apple "goto fail" bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
  • The GnuTLS "goto fail" bug was similar to the Apple bug and found about two weeks later. The GnuTLS bug also allowed attackers to bypass SSL/TLS security. The GnuTLS bug was worse than the Apple bug because it affected over 200 packages on a typical Linux system.[62]

Transportation

  • By some accounts Toyota's electronic throttle control system (ETCS) had bugs that could cause sudden unintended acceleration.[63]
  • The Boeing 787 Dreamliner experienced an integer overflow bug which could shut down all electrical generators if the aircraft was on for more than 248 days.[64] A similar problem was found in the Airbus A350, which needs to be powered down before reaching 149 hours of continuous power-on time; otherwise certain avionics systems or functions would partially or completely fail.[65]
  • In early 2019, the transportation-rental firm Lime discovered a firmware bug with its electric scooters that can cause them to brake unexpectedly very hard, which may hurl and injure riders.[66]
  • Boeing 737 NG had all cockpit displays go blank if a specific type of instrument approach to one of seven specific airports was selected in the flight management computer.[67]
  • Bombardier CRJ-200 equipped with flight management systems by Collins Aerospace would make wrong turns during missed approach procedures executed by the autopilot in some specific cases when temperature compensation was activated in cold weather.[68]

Finance

  • The Vancouver Stock Exchange index had large errors due to repeated rounding. In January 1982 the index was initialized at 1000 and subsequently updated and truncated to three decimal places on each trade. This was done about 3000 times a day. The accumulated truncations led to an erroneous loss of around 25 points per month. Over the weekend of November 25–28, 1983, the error was corrected, raising the value of the index from its Friday closing figure of 524.811 to 1098.892.[69][70]
  • Knight Capital Group lost $440 million in 45 minutes due to the improper deployment of software on servers and the re-use of a critical software flag that caused old unused software code to execute during trading.[71]

References

  1. "Space FAQ 08/13 - Planetary Probe History". faqs.org. 17 Sep 1996.
  2. Hoare, C. A. R. Hints on Programming Language Design. In Sigact/Sigplan Symposium on Principles of Programming Languages. October 1973. Reprinted in Horowitz. Programming Languages, A Grand Tour, 3rd ed. See "Mariner 1". RISKS Digest. 9 (54). 12 Dec 1989. and "Mariner I -- no holds BARred". 30 May 1989. Retrieved 2008-01-07.
  3. "Gemini 5". On The Shoulders of Titans: A History of Project Gemini.
  4. Sagdeev, R. Z.; Zakharov, A. V. (1989). "Brief history of the Phobos mission". Nature. 341 (6243): 581–585. Bibcode:1989Natur.341..581S. doi:10.1038/341581a0. S2CID 41464654.
  5. Dowson, M. (March 1997). "The Ariane 5 Software Failure". Software Engineering Notes. 22 (2): 84. doi:10.1145/251880.251992. S2CID 43439273.
  6. Jézéquel JM, Meyer B (January 1997). "Design by Contract: The Lessons of Ariane" (PDF). IEEE Computer. 30 (1): 129–130. doi:10.1109/2.562936.
  7. Heaven, Douglas (2013). "Parallel sparking: Many chips make light work". New Scientist. Elsevier BV. 219 (2930): 42–45. doi:10.1016/s0262-4079(13)62046-1. ISSN 0262-4079.
  8. Reeves, Glenn E (15 Dec 1997). "What really happened on Mars? -- Authoritative Account". research.microsoft.com. Archived from the original on 30 December 2016.
  9. "Spaceflight Now - Breaking News - Sea Launch malfunction blamed on software glitch".
  10. "CryoSat Mission lost due to launch failure". European Space Agency. 8 October 2005. Retrieved 19 July 2010.
  11. "Mars Polar Lander". Archived from the original on 2012-09-27. Retrieved 2008-01-07.
  12. "Report Reveals Likely Causes of Mars Spacecraft Loss". Retrieved 2008-01-07.
  13. "Faulty Software May Have Doomed Mars Orbiter". Space.com. Archived from the original on July 24, 2008. Retrieved January 11, 2007.
  14. "Out of memory problem caused Mars rover's glitch". computerworld.com. February 3, 2004.
  15. Witze, Alexandra (2016). "Software error doomed Japanese Hitomi spacecraft". Nature. 533 (7601): 18–19. Bibcode:2016Natur.533...18W. doi:10.1038/nature.2016.19835. PMID 27147012. S2CID 4451754. Retrieved 2016-05-06.
  16. Weitering, Hanneke. "Israeli Moon Lander Suffered Engine Glitch Before Crash". Space.com. Retrieved 29 May 2019.
  17. "The Therac-25 Accidents (PDF), by Nancy Leveson" (PDF). Retrieved 2008-01-07.
  18. "An Investigation of the Therac-25 Accidents (IEEE Computer)". Retrieved 2008-01-07.
  19. "Computerized Radiation Therapy (PDF) reported by TROY GALLAGHER" (PDF). Retrieved 2011-12-12.
  20. Garfinkel, Simson (November 8, 2005). "History's Worst Software Bugs". Wired. Retrieved September 6, 2020.
  21. Feder, Barnaby J. (2008-03-12). "A Heart Device Is Found Vulnerable to Hacker Attacks". The New York Times. Retrieved 2008-09-28.
  22. "ICS Advisory (ICSMA-19-164-01)" (Press release). Cybersecurity and Infrastructure Security Agency. 2019-06-13. Retrieved 2019-11-15.
  23. Newman, Lily Hay (2019-10-01). "Decades-Old Code Is Putting Millions of Critical Devices at Risk". Wired. Retrieved 2019-11-15.
  24. "Urgent: Medical Device Recall Notification, AFFECTED DEVICE: Alaris® Pump module (Model 8100) "Delay Until" Option and "Multidose" Feature" (PDF) (Press release). CareFusion. 2014-04-23. Archived from the original (PDF) on 2015-06-12. Retrieved 2019-11-15.
  25. "Looking at the Y2K bug, portal on CNN.com". Archived from the original on 2007-12-27. Retrieved 2008-01-07.
  26. "The year 2038 bug". Retrieved 2008-01-12.
  27. Stafford, Patrick. "Businesses hit by Bank of Queensland EFTPOS bug". Archived from the original on 7 April 2014. Retrieved 1 April 2014.
  28. "Software Bug Contributed to Blackout". Retrieved 2008-01-07.
  29. Sterling, Bruce (1993). The Hacker Crackdown: Law and Disorder on the Electronic Frontier. Spectra Books. ISBN 0-553-56370-X.
  30. "The Crash of the AT&T Network in 1990". Retrieved 2008-05-15.
  31. Metz, Cade (January 31, 2009). "Google mistakes entire web for malware". The Register. Retrieved December 20, 2010.
  32. "Bug in iOS Unicode handling crashes iPhones with a simple text". Apple Insider. 26 May 2015. Retrieved 29 May 2015.
  33. Clover, Juli (26 May 2015). "New iOS Bug Crashing iPhones Simply by Receiving a Text Message". MacRumors. Retrieved 29 May 2015.
  34. "Patriot missile defense, Software problem led to system failure at Dharhan, Saudi Arabia; GAO report IMTEC 92-26". US Government Accounting Office.
  35. Skeel, Robert. "Roundoff Error and the Patriot Missile". SIAM News, volume 25, nr 4. Archived from the original on 2008-08-01. Retrieved 2008-09-30.
  36. Rogerson, Simon (April 2002). "The Chinook Helicopter Disaster". IMIS Journal. 12 (2). Archived from the original on 2012-07-17.
  37. "Software glitches leave Navy Smart Ship dead in the water". gcn.com. 13 Jul 1998. Archived from the original on 8 February 2006.
  38. "F/A-22 Program History". f-22raptor.com. Archived from the original on 25 August 2009.
  39. "Lockheed's F-22 Raptor Gets Zapped by International Date Line". DailyTech. 26 Feb 2007. Archived from the original on 16 March 2007.
  40. Borland, John (11 November 2005). "FAQ: Sony's 'rootkit' CDs - CNET News". news.com. Archived from the original on 5 December 2008.
  41. Russinovich, Mark (4 Nov 2005). "Mark's Blog : More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home". blogs.technet.com. Archived from the original on 3 January 2007.
  42. "About the boot.ini issue (Dev Blog)". Retrieved 2014-09-30.
  43. Balicer, Ran (2005-10-05). "Modeling Infectious Diseases Dissemination Through Online Role-Playing Games". Epidemiology. 18 (2): 260–261. doi:10.1097/01.ede.0000254692.80550.60. PMID 17301707. S2CID 20959479.
  44. Bishop, Sam (8 June 2016). "Runescape marks the anniversary of the Falador Massacre". GameFactor. Retrieved 9 August 2018.
  45. "Pac Man'S Split Screen Level Analyzed And Fixed". Donhodges.Com. Retrieved 2012-09-19.
  46. Langshaw, Mark. "Retro Corner: 'Jet Set Willy' (Spectrum)". DigitalSpy. Retrieved 30 May 2018.
  47. "Jet Set Willy Solved!". Personal Computer Games (8): 21. July 1984. Retrieved 2014-04-19.
  48. "What caused Gandhi's insatiable bloodlust in Civilization". Geek.com. 3 November 2014. Archived from the original on 12 November 2014. Retrieved 30 April 2018.
  49. Krotoski, Aleks (2004-11-30). "Viewtiful Joe 2 demo deletes memory cards". The Guardian. Retrieved 2009-11-10.
  50. Bramwell, AleksTom (2004-12-07). "Sony to replace defective demo discs with games". Eurogamer. Retrieved 2009-11-10.
  51. "Bubble Bobble Revolution DS production issues confirmed *UPDATE*". GoNintendo. 14 Oct 2006.
  52. Bramwell, Tom (2007-04-16). "RedOctane admits to Guitar Hero II patch problem". Eurogamer. Retrieved 2016-12-02.
  53. Paul, Ian (17 Jan 2015). "Scary Steam for Linux bug erases all the personal files on your PC". PCWorld.
  54. Gach, Ethan. "The NES Classic Carries Over Classic Glitches". Kotaku Australia. Retrieved 8 March 2017.
  55. Nintendo. "Customer Service — Specific GamePak Troubleshooting". Archived from the original on January 27, 2008. Retrieved June 7, 2009.
  56. "Pokechat". Nintendo Power. Vol. 120. May 1999. p. 101.
  57. Loe, Casey (1999). Pokémon Perfect Guide Includes Red-Yellow-Blue. Versus Books. p. 125. ISBN 1-930206-15-1.
  58. "Gaming's Top 10 Easter Eggs". IGN. IGN Entertainment. April 9, 2009. p. 2. Archived from the original on February 6, 2010. Retrieved June 7, 2009.
  59. "DSA-1571-1 openssl -- predictable random number generator". Retrieved 2008-04-16.
  60. "Heartbleed bug may shut Revenue Canada website until weekend". CBC News. 2014-04-09.
  61. "Heartbleed bug: 900 SINs stolen from Revenue Canada - Business - CBC News". CBC News. Retrieved 2014-04-14.
  62. Goodin, Dan (March 4, 2014). "Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping". Ars Technica. Retrieved September 7, 2020.
  63. Dunn, Michael (28 Oct 2013). "Toyota's killer firmware: Bad design and its consequences". EDN.
  64. "To keep a Boeing Dreamliner flying, reboot once every 248 days". Engadget. 1 Apr 2015.
  65. Corfield, Gareth (25 Jul 2019). "Airbus A350 software bug forces airlines to turn planes off and on every 149 hours". The Register. Retrieved 2021-02-04.
  66. Roy, Eleanor Ainge (21 February 2019). "Auckland threatens to eject Lime scooters after wheels lock at high speed". The Guardian. Retrieved 2019-02-20.
  67. Corfield, Gareth (8 Jan 2020). "Blackout Bug: Boeing 737 cockpit screens go blank if pilots land on specific runways". The Register. Retrieved 2021-02-04.
  68. Corfield, Gareth (29 May 2020). "Software bug in Bombardier airliner made planes turn the wrong way". The Register. Retrieved 2021-02-04.
  69. Quinn, Kevin (November 8, 1983). "Ever Had Problems Rounding Off Figures? This Stock Exchange Has". The Wall Street Journal. p. 37.
  70. Wayne, Lilley (November 29, 1983). "Vancouver stock index has right number at last". The Toronto Star.
  71. Popper, Nathaniel (2 August 2012). "Knight Capital Says Trading Glitch Cost It $440 Million". New York Times.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.