Corrupt the Objective-C runtime's structures

Write garbage into data areas used by the Objective-C runtime to track classes and objects.

Bugs of this nature are why crash reporters cannot use Objective-C in their crash handling code, as attempting to do so is likely to lead to a crash in the crash reporting code.

Provider X86-64
HockeyApp
SDK: 4.1.2 Date: 02/124/2017 (i)
Bugsnag
SDK: 5.0.0 Date: 02/16/2016 (i)
Crashlytics
SDK: 3.4.1 Date: 12/10/2015 (i)
Apple
Date: 06/24/2015 (i)

Expected Report Details:

-[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
-[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)

Click a status icon above to see the crashing thread’s stack trace with further info.

HockeyApp - x86_64

Exception Type:  SIGBUS
Exception Codes: BUS_ADRERR at 0x0
Crashed Thread:  0

Application Specific Information:
Selector name found in current argument registers: description

Thread 0 Crashed:
0  libobjc.A.dylib       0x00007fffde66fac2 cache_getImp + 18
1  libobjc.A.dylib       0x00007fffde6705d4 _objc_msgSend_uncached + 68
2  CrashLib              0x000000010fe62c57 -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
3  CrashProbe            0x000000010fe50b3d -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
4  libsystem_trace.dylib 0x00007fffdf193c3d _os_activity_initiate + 61
5  AppKit                0x00007fffc7cb7c9c -[NSApplication(NSResponder) sendAction:to:from:] + 456
6  AppKit                0x00007fffc779d460 -[NSControl sendAction:to:] + 86
7  AppKit                0x00007fffc779d388 __26-[NSCell _sendActionFrom:]_block_invoke + 136
8  libsystem_trace.dylib 0x00007fffdf193c3d _os_activity_initiate + 61
9  AppKit                0x00007fffc779d2e0 -[NSCell _sendActionFrom:] + 128
10 AppKit                0x00007fffc77dfcd9 -[NSButtonCell _sendActionFrom:] + 98
11 libsystem_trace.dylib 0x00007fffdf193c3d _os_activity_initiate + 61
12 AppKit                0x00007fffc779bbc6 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2481
13 AppKit                0x00007fffc77dfa12 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 798
14 AppKit                0x00007fffc779a57b -[NSControl mouseDown:] + 832
15 AppKit                0x00007fffc7e2f603 -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6341
16 AppKit                0x00007fffc7e2be20 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1942
17 AppKit                0x00007fffc7e2b2be -[NSWindow(NSEventRouting) sendEvent:] + 541
18 AppKit                0x00007fffc7cb3bf5 -[NSApplication(NSEvent) sendEvent:] + 1145
19 HockeySDK             0x000000010fe81914 -[BITCrashExceptionApplication sendEvent:] (BITCrashExceptionApplication.m:48)
20 AppKit                0x00007fffc752ff81 -[NSApplication run] + 1002
21 AppKit                0x00007fffc74fa850 NSApplicationMain + 1237
22 CrashProbe            0x000000010fe50ea4 main (main.m:13)
23 libdyld.dylib         0x00007fffdef61255 start + 1

Bugsnag - x86_64

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Attempted to dereference garbage pointer 0x7000002a0000.

0  libobjc.A.dylib       cache_getImp
1  libobjc.A.dylib       objc_msgSend
2  CrashProbe            -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
3  CrashProbe            -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
4  libsystem_trace.dylib os_activity_initiate
5  AppKit                -[NSApplication sendAction:to:from:]
6  AppKit                -[NSControl sendAction:to:]
7  AppKit                _26-[NSCell _sendActionFrom:]_block_invoke
8  libsystem_trace.dylib os_activity_initiate
9  AppKit                -[NSCell _sendActionFrom:]
10 libsystem_trace.dylib os_activity_initiate
11 AppKit                -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
12 AppKit                -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:]
13 AppKit                -[NSControl mouseDown:]
14 AppKit                -[NSWindow _handleMouseDownEvent:isDelayedEvent:]
15 AppKit                -[NSWindow _reallySendEvent:isDelayedEvent:]
16 AppKit                -[NSWindow sendEvent:]
17 AppKit                -[NSApplication sendEvent:]
18 AppKit                -[NSApplication run]
19 AppKit                NSApplicationMain
20 CrashProbe            main (main.m:13)
21 libdyld.dylib         start

Crashlytics - x86_64

Crashed: com.apple.main-thread
EXC_BAD_ACCESS 0x0000000000000000

Thread : Crashed: com.apple.main-thread
0  libobjc.A.dylib       0x7fff8fe12452 cache_getImp + 18
1  libobjc.A.dylib       0x7fff8fe17d65 lookUpImpOrForward + 272
2  libobjc.A.dylib       0x7fff8fe12591 objc_msgSend + 209
3  CrashLib              0x00010540fce6 -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
4  CrashProbe            0x00010538c6e1 -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
5  libsystem_trace.dylib 0x7fff84dea07a _os_activity_initiate + 75
6  AppKit                0x7fff8df9551d -[NSApplication sendAction:to:from:] + 460
7  AppKit                0x7fff8dfaa486 -[NSControl sendAction:to:] + 86
8  AppKit                0x7fff8dfaa3b0 __26-[NSCell _sendActionFrom:]_block_invoke + 131
9  libsystem_trace.dylib 0x7fff84dea07a _os_activity_initiate + 75
10 AppKit                0x7fff8dfaa30d -[NSCell _sendActionFrom:] + 144
11 libsystem_trace.dylib 0x7fff84dea07a _os_activity_initiate + 75
12 AppKit                0x7fff8dfa8932 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2693
13 AppKit                0x7fff8dffdd58 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 744
14 AppKit                0x7fff8dfa705c -[NSControl mouseDown:] + 669
15 AppKit                0x7fff8e554d1d -[NSWindow _handleMouseDownEvent:isDelayedEvent:] + 6322
16 AppKit                0x7fff8e555fad -[NSWindow _reallySendEvent:isDelayedEvent:] + 212
17 AppKit                0x7fff8deae735 -[NSWindow sendEvent:] + 517
18 AppKit                0x7fff8deaae49 -[NSApplication sendEvent:] + 2540
19 AppKit                0x7fff8ddde03a -[NSApplication run] + 796
20 AppKit                0x7fff8dd60520 NSApplicationMain + 1176
21 CrashProbe            0x00010538ca46 main (main.m:13)
22 libdyld.dylib         0x7fff850755ad start + 1

Apple - x86_64

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT

Application Specific Information:
Performing @selector(causeCrash:) from sender NSButton 0x60800014fe60

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0  libobjc.A.dylib          0x00007fff90071012 cache_getImp + 18
1  libobjc.A.dylib          0x00007fff90087888 lookUpImpOrForward + 595
2  libobjc.A.dylib          0x00007fff900711ac objc_msgSend + 236
3  net.hockeyapp.CrashLib   0x000000010d5d2644 -[CRLCrashCorruptObjC crash] + 69 (CRLCrashCorruptObjC.m:70)
4  net.hockeyapp.CrashProbe 0x000000010d5c6473 -[CRLMainWindowController causeCrash:] + 75 (CRLMainWindowController.m:72)
5  libsystem_trace.dylib    0x00007fff91233cd7 _os_activity_initiate + 75
6  com.apple.AppKit         0x00007fff8bc45fb1 -[NSApplication sendAction:to:from:] + 452
7  com.apple.AppKit         0x00007fff8bc5ba46 -[NSControl sendAction:to:] + 86
8  com.apple.AppKit         0x00007fff8bc5b962 __26-[NSCell _sendActionFrom:]_block_invoke + 131
9  libsystem_trace.dylib    0x00007fff91233cd7 _os_activity_initiate + 75
10 com.apple.AppKit         0x00007fff8bc5b8bf -[NSCell _sendActionFrom:] + 144
11 libsystem_trace.dylib    0x00007fff91233cd7 _os_activity_initiate + 75
12 com.apple.AppKit         0x00007fff8bc59db3 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2821
13 com.apple.AppKit         0x00007fff8bcb245f -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 770
14 com.apple.AppKit         0x00007fff8bc58466 -[NSControl mouseDown:] + 714
15 com.apple.AppKit         0x00007fff8c1c22fc -[NSWindow _reallySendEvent:isDelayedEvent:] + 14125
16 com.apple.AppKit         0x00007fff8bb51d76 -[NSWindow sendEvent:] + 470
17 com.apple.AppKit         0x00007fff8bb4e312 -[NSApplication sendEvent:] + 2504
18 com.apple.AppKit         0x00007fff8ba77c68 -[NSApplication run] + 711
19 com.apple.AppKit         0x00007fff8b9f4354 NSApplicationMain + 1832
20 net.hockeyapp.CrashProbe 0x000000010d5c67d9 main + 9 (main.m:13)
21 libdyld.dylib            0x00007fff8aaa75c9 start + 1