List of software bugs

From Wikipedia, the free encyclopedia

Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being. The following is a list of notable software bugs with significant consequences:

Space exploration

  • A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).[1] Note that the initial reporting of the cause of this bug was incorrect.[2]
  • The Russian Space Research Institute's Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).[3]
  • The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.[4]
  • In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which had not been found in preflight testing because it only occurred in certain unanticipated heavy-load conditions.[5] The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.[6][7]
  • The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.[8]
  • NASA Mars Polar Lander was destroyed because its flight software mistook vibrations due to atmospheric turbulence for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).[9]
    • Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands in pound-force (lbf), while the orbiter expected newtons (N).
  • A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).[10][11]
  • NASA's Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover's flash memory. It was restored to working condition after deleting unnecessary files.[12]

Medical

  • A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of X-rays.[13][14][15]
  • A Medtronic heart device was found vulnerable to remote attacks in March 2008.[16]

Tracking years

  • The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.[17]
  • A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 2^31 − 1 (2,147,483,647) seconds.[18]
  • An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers' cards as expired.[19]

Electric power transmission

Administration

  • The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.

Telecommunications

  • The AT&T long distance network crashed on January 15, 1990. The failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too, resulting in a cascading failure that rapidly spread across the entire AT&T long distance network.[21][22]
  • In January 2009, Google's search engine erroneously notified users that every web site world wide was potentially malicious, including its own.[23]

Military

Media

  • In the Sony BMG CD copy prevention scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD.[30] Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.[31]

Video gaming

  • Eve Online's deployment of the Trinity patch erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.[32]
  • The Corrupted Blood incident was a software bug in World of Warcraft that caused a status ailment, which was supposed to be locally restricted to a certain level of the game, to be set free, affecting all players everywhere in the virtual game world. This caused players to avoid crowded places in-game, just like in a "real world" epidemic, and the bug became the centre of some academic research on the spread of infectious diseases.[33]
  • In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.[34]

Encryption

  • In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the "random" numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.[35]
  • Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shutdown of the Canada Revenue Agency's public access to the online filing portion of its website[36] following the theft of social insurance numbers.[37]
  • The Apple Computer, Inc. "goto fail" bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.

Transportation

  • Toyota's electronic throttle control system (ETCS) had bugs that could cause unintended acceleration.[38] At least 89 people were killed as a result.[39]

References

  1. "Space FAQ 08/13 – Planetary Probe History". Retrieved 2008-01-07.
  2. Hoare, C. A. R. "Hints on Programming Language Design", in Sigact/Sigplan Symposium on Principles of Programming Languages, October 1973; reprinted in Horowitz, Programming Languages, A Grand Tour, 3rd ed. See Risks Digest: Mariner 1, Vol. 9: Iss. 54, 12 Dec 89, and "Mariner I -- no holds BARred". Retrieved 2008-01-07.
  3. R. Z. Sagdeev & A. V. Zakharov (1989). "Brief history of the Phobos mission". Nature 341 (6243): 581–585. Bibcode:1989Natur.341..581S. doi:10.1038/341581a0.
  4. Dowson, M. (March 1997). "The Ariane 5 Software Failure". Software Engineering Notes 22 (2): 84. doi:10.1145/251880.251992.
  5. Douglas Heaven. "Parallel sparking: Many chips make light work". New Scientist magazine, issue 2930, 19 August 2013, p. 44. Online (by subscription).
  6. "What Really Happened on Mars" by Glenn Reeves of the JPL Pathfinder team.
  7. Explanation of priority inversion problem experienced by Mars Pathfinder.
  8. "CryoSat Mission lost due to launch failure". European Space Agency. 8 October 2005. Retrieved 19 July 2010.
  9. "Mars Polar Lander". Retrieved 2008-01-07.
  10. "Report Reveals Likely Causes of Mars Spacecraft Loss". Retrieved 2008-01-07.
  11. "Faulty Software May Have Doomed Mars Orbiter". Space.com. Retrieved January 11, 2007.
  12. "Out of memory problem caused Mars rover's glitch". computerworld.com. February 3, 2004.
  13. "The Therac-25 Accidents (PDF), by Nancy Leveson" (PDF). Retrieved 2008-01-07.
  14. "An Investigation of the Therac-25 Accidents (IEEE Computer)". Retrieved 2008-01-07.
  15. "Computerized Radiation Therapy (PDF) reported by TROY GALLAGHER". Retrieved 2011-12-12.
  16. Feder, Barnaby J. (2008-03-12). "A Heart Device Is Found Vulnerable to Hacker Attacks". The New York Times. Retrieved 2008-09-28.
  17. "Looking at the Y2K bug, portal on CNN.com". Archived from the original on 2007-12-27. Retrieved 2008-01-07.
  18. "The year 2038 bug". Retrieved 2008-01-12.
  19. Stafford, Patrick. "Businesses hit by Bank of Queensland EFTPOS bug". Retrieved 1 April 2014.
  20. "Software Bug Contributed to Blackout". Retrieved 2008-01-07.
  21. Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier (ISBN 0-553-56370-X). Spectra Books.
  22. "The Crash of the AT&T Network in 1990". Retrieved 2008-05-15.
  23. Cade Metz (January 31, 2009). "Google mistakes entire web for malware". The Register. Retrieved December 20, 2010.
  24. "Patriot missile defense, Software problem led to system failure at Dhahran, Saudi Arabia; GAO report IMTEC 92-26". US Government Accounting Office.
  25. Robert Skeel. "Roundoff Error and the Patriot Missile". SIAM News, volume 25, nr 4. Retrieved 2008-09-30.
  26. "The Chinook Helicopter Disaster". Retrieved 2008-01-07.
  27. "Software glitches leave Navy Smart Ship dead in the water". Archived from the original on 2007-12-13. Retrieved 2008-01-07.
  28. "F-22 Timeline." f-22raptor.com. Retrieved: 23 July 2009.
  29. "Lockheed's F-22 Raptor Gets Zapped by International Date Line: Raptors arrive at Kadena." Air Force, 26 February 2007.
  30. "Sony's 'rootkit' CDs". Retrieved 2008-05-15.
  31. "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home", Mark's Blog, November 4, 2005, retrieved November 22, 2006.
  32. "About the boot.ini issue (Dev Blog)". Retrieved 2014-09-30.
  33. Balicer, Ran (2005-10-05). "Modeling Infectious Diseases Dissemination Through Online Role-Playing Games". Epidemiology 18 (2): 260–261. doi:10.1097/01.ede.0000254692.80550.60. PMID 17301707.
  34. "Pac Man's Split Screen Level Analyzed And Fixed". Donhodges.Com. Retrieved 2012-09-19.
  35. "DSA-1571-1 openssl -- predictable random number generator". Retrieved 2008-04-16.
  36. "Heartbleed bug may shut Revenue Canada website until weekend". CBC News. 2014-04-09.
  37. "Heartbleed bug: 900 SINs stolen from Revenue Canada - Business - CBC News". CBC News. Retrieved 2014-04-14.
  38. "Toyota's killer firmware: Bad design and its consequences".
  39. "Toyota "Unintended Acceleration" Has Killed 89". cbsnews. Retrieved 2014-03-20.