List of software bugs
From Wikipedia, the free encyclopedia
Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being. The following is a list of notable software bugs with significant consequences:
- A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962). Note that the initial reporting of the cause of this bug was incorrect.
- The Russian Space Research Institute's Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).
- The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.
- The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.
- NASA Mars Polar Lander was destroyed because its flight software mistook vibrations due to atmospheric turbulence for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).
- Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands in pound-force (lbf), while the orbiter expected newtons (N).
- A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).
- NASA's Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover's flash memory. It was restored to working condition after deleting unnecessary files.
- A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of X-rays.
- A Medtronic heart device was found vulnerable to remote attacks in March 2008.
Main article: Time formatting and storage bugs
- The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.
- A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 231 − 1 (2,147,483,647) seconds.
- An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers' cards as expired.
Electric power transmission
- The 2003 North America blackout was triggered by a local outage that went undetected due to a race condition in General Electric Energy's XA/21 monitoring software.
- The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.
- AT&T long distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long distance network.
- In January 2009, Google's search engine erroneously notified users that every web site world wide was potentially malicious, including its own.
- The software error of a MIM-104 Patriot, caused its system clock to drift by one third of a second over a period of one hundred hours – resulting in failure to locate and intercept an incoming missile. The Iraqi missile impacted in a military compound in Dhahran, Saudi Arabia (February 25, 1991), killing 28 Americans.
- A Chinook crash on Mull of Kintyre in June 1994. A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre, killing 29. This was initially dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft's engine control computer.
- Smart ship USS Yorktown was left dead in the water in 1997 for nearly 3 hours after a divide by zero error.
- In April 1992 the first F-22 Raptor crashed while landing at Edwards Air Force Base, California. The cause of the crash was found to be a flight control software error that failed to prevent a pilot-induced oscillation.
- While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six F-22 Raptors flying from Hickam AFB, Hawaii, experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers, something that might have been problematic had the weather not been good. The error was fixed within 48 hours, allowing a delayed deployment.
- In the Sony BMG CD copy prevention scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD. Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.
- Eve Online's deployment of the Trinity patch, which erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.
- The Corrupted Blood incident was a software bug in World of Warcraft that caused a status ailment, that was supposed to be locally restricted to a certain level of the game, to be set free, affecting all players everywhere in the virtual game world. This caused players to avoid crowded places in-game, just like in a "real world" epidemic, and the bug became the centre of some academic research on the spread of infectious diseases.
- In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.
- In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the "random" numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.
- Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shut down of the Canada Revenue Agency's public access to the online filing portion of its website following the theft of social insurance numbers.
- The Apple Computer, Inc. "goto fail" bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
- Toyota's electronic throttle control system (ETCS) had bugs that could cause unintended acceleration. At least 89 people were killed as a result.
- "Space FAQ 08/13 – Planetary Probe History". Retrieved 2008-01-07.
- Hoare, C. A. R. Hints on Programming Language Design. in Sigact/Sigplan Symposium on Principles of Programming Languages. October 1973., reprinted in Horowitz. Programming Languages, A Grand Tour, 3rd ed.. See Risks Digest: Mariner 1, Vol. 9: Iss. 54, 12 Dec 89 (and "Mariner I -- no holds BARred". Retrieved 2008-01-07.
- R. Z. Sagdeev & A. V. Zakharov (1989). "Brief history of the Phobos mission". Nature 341 (6243): 581–585. Bibcode:1989Natur.341..581S. doi:10.1038/341581a0.
- Dowson, M. (March 1997). "The Ariane 5 Software Failure". Software Engineering Notes 22 (2): 84. doi:10.1145/251880.251992.
- "CryoSat Mission lost due to launch failure". European Space Agency. 8 October 2005. Retrieved 19 July 2010.
- "Mars Polar Lander". Retrieved 2008-01-07.
- "Report Reveals Likely Causes of Mars Spacecraft Loss". Retrieved 2008-01-07.
- "Faulty Software May Have Doomed Mars Orbiter". Space.com. Retrieved January 11, 2007.[dead link]
- "Out of memory problem caused Mars rover's glitch". computerworld.com. February 3, 2004.
- "The Therac-25 Accidents (PDF), by Nancy Leveson" (PDF). Retrieved 2008-01-07.
- "An Investigation of the Therac-25 Accidents (IEEE Computer)". Retrieved 2008-01-07.
- "Computerized Radiation Therapy (PDF) reported by TROY GALLAGHER". Retrieved 2011-12-12.
- Feder, Barnaby J. (2008-03-12). "A Heart Device Is Found Vulnerable to Hacker Attacks". The New York Times. Retrieved 2008-09-28.
- "Looking at the Y2K bug, portal on CNN.com". Archived from the original on 2007-12-27. Retrieved 2008-01-07.
- "The year 2038 bug". Retrieved 2008-01-12.
- Stafford, Patrick. "Businesses hit by Bank of Queensland EFTPOS bug". Retrieved 1 April 2014.
- "Software Bug Contributed to Blackout". Retrieved 2008-01-07.
- Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier (ISBN 0-553-56370-X). Spectra Books.
- "The Crash of the AT&T Network in 1990". Retrieved 2008-05-15.
- Cade Metz (January 31, 2009). "Google mistakes entire web for malware". The Register. Retrieved December 20, 2010.
- "Patriot missile defense, Software problem led to system failure at Dharhan, Saudi Arabia; GAO report IMTEC 92-26". US Government Accounting Office.
- Robert Skeel. "Roundoff Error and the Patriot Missile". SIAM News, volume 25, nr 4. Retrieved 2008-09-30.
- "The Chinook Helicopter Disaster". Retrieved 2008-01-07.
- "Software glitches leave Navy Smart Ship dead in the water". Archived from the original on 2007-12-13. Retrieved 2008-01-07.
- "F-22 Timeline." f-22raptor.com. Retrieved: 23 July 2009.
- "Lockheed's F-22 Raptor Gets Zapped by International Date Line: Raptors arrive at Kadena." Air Force, 26 February 2007.
- "Sony's 'rootkit' CDs". Retrieved 2008-05-15.
- "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home", Mark's Blog, November 4, 2005, retrieved November 22, 2006.
- "About the boot.ini issue (Dev Blog)". Retrieved 2008-03-08.
- Balicer, Ran (2005-10-05). "Modeling Infectious Diseases Dissemination Through Online Role-Playing Games". Epidemiology 18 (2): 260–261. doi:10.1097/01.ede.0000254692.80550.60. PMID 17301707.
- "Pac Man'S Split Screen Level Analyzed And Fixed". Donhodges.Com. Retrieved 2012-09-19.
- "DSA-1571-1 openssl -- predictable random number generator". Retrieved 2008-04-16.
- "Heartbleed bug may shut Revenue Canada website until weekend". CBC News. 2014-04-09.
- "Heartbleed bug: 900 SINs stolen from Revenue Canada - Business - CBC News". CBC News. Retrieved 2014-04-14.
- "Toyota's killer firmware: Bad design and its consequences".
- "Toyota "Unintended Acceleration" Has Killed 89". cbsnews. Retrieved 2014-03-20.