Corrupt the Objective-C runtime's structures

Write garbage into data areas used by the Objective-C runtime to track classes and objects.

Bugs of this nature are why crash reporters cannot use Objective-C in their crash handling code, as attempting to do so is likely to lead to a crash in the crash reporting code.

Provider X86-64
HockeyApp
SDK: 4.1.3 Date: 05/18/2017 (i)
Sentry
SDK: 3.0.7 Date: 07/03/2017 (i)
Bugsnag
SDK: 5.0.0 Date: 02/16/2016 (i)
Apple
Date: 05/18/2017 (i)

Expected Report Details:

-[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
-[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)

Click a status icon above to see the crashing thread’s stack trace with further info.

HockeyApp - x86_64

Exception Type:  SIGBUS
Exception Codes: BUS_ADRERR at 0x0
Crashed Thread:  0

Application Specific Information:
Selector name found in current argument registers: description

Thread 0 Crashed:
0   libobjc.A.dylib       0x00007fff96362fc2 cache_getImp + 18
1   libobjc.A.dylib       0x00007fff96363ad4 _objc_msgSend_uncached + 68
2   CrashLib              0x000000010a5f7c5a -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
3   CrashProbe            0x000000010a5eac31 -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
4   libsystem_trace.dylib 0x00007fff96e883a7 _os_activity_initiate_impl + 52
5   AppKit                0x00007fff7f754721 -[NSApplication(NSResponder) sendAction:to:from:] + 455
6   AppKit                0x00007fff7f238cc4 -[NSControl sendAction:to:] + 85
7   AppKit                0x00007fff7f238bec __26-[NSCell _sendActionFrom:]_block_invoke + 135
8   libsystem_trace.dylib 0x00007fff96e883a7 _os_activity_initiate_impl + 52
9   AppKit                0x00007fff7f238b44 -[NSCell _sendActionFrom:] + 127
10  AppKit                0x00007fff7f27b539 -[NSButtonCell _sendActionFrom:] + 97
11  libsystem_trace.dylib 0x00007fff96e883a7 _os_activity_initiate_impl + 52
12  AppKit                0x00007fff7f237426 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2480
13  AppKit                0x00007fff7f27b272 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 797
14  AppKit                0x00007fff7f235ddb -[NSControl mouseDown:] + 831
15  AppKit                0x00007fff7f8d024f -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6340
16  AppKit                0x00007fff7f8cca6c -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1941
17  AppKit                0x00007fff7f8cbf0a -[NSWindow(NSEventRouting) sendEvent:] + 540
18  AppKit                0x00007fff7f750681 -[NSApplication(NSEvent) sendEvent:] + 1144
19  HockeySDK             0x000000010a61854e -[BITCrashExceptionApplication sendEvent:] (BITCrashExceptionApplication.m:48)
20  AppKit                0x00007fff7efcb427 -[NSApplication run] + 1001
21  AppKit                0x00007fff7ef95e0e NSApplicationMain + 1236
22  CrashProbe            0x000000010a5eaef0 main (main.m:13)
23  libdyld.dylib         0x00007fff96c56235 start + 0

Sentry - x86_64

OS Version: macOS 10.12.5 (16F73)
Report Version: 104

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: BUS_NOOP at 0x00007fff8629318f
Crashed Thread: 0

Application Specific Information:
Attempted to dereference garbage pointer 0x7fff8629318f.

Thread 0 name:
Thread 0 Crashed:
0   libobjc.A.dylib                 0xffff275a7fc2      cache_getImp
1   libobjc.A.dylib                 0xffff275a8ad4      _objc_msgSend_uncached
2   CrashLib                        0x10e203d18         -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
3   CrashProbe                      0x20e0d8bba         -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
4   libsystem_trace.dylib           0xffff28bf63a7      _os_activity_initiate_impl
5   AppKit                          0xfffef9571721      -[NSApplication(NSResponder) sendAction:to:from:]
6   AppKit                          0xfffef9055cc4      -[NSControl sendAction:to:]
7   AppKit                          0xfffef9055bec      __26-[NSCell _sendActionFrom:]_block_invoke
8   libsystem_trace.dylib           0xffff28bf63a7      _os_activity_initiate_impl
9   AppKit                          0xfffef9055b44      -[NSCell _sendActionFrom:]
10  AppKit                          0xfffef9098539      -[NSButtonCell _sendActionFrom:]
11  libsystem_trace.dylib           0xffff28bf63a7      _os_activity_initiate_impl
12  AppKit                          0xfffef9054426      -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
13  AppKit                          0xfffef9098272      -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:]
14  AppKit                          0xfffef9052ddb      -[NSControl mouseDown:]
15  AppKit                          0xfffef96ed24f      -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:]
16  AppKit                          0xfffef96e9a6c      -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:]
17  AppKit                          0xfffef96e8f0a      -[NSWindow(NSEventRouting) sendEvent:]
18  AppKit                          0xfffef956d681      -[NSApplication(NSEvent) sendEvent:]
19  AppKit                          0xfffef8de8427      -[NSApplication run]
20  AppKit                          0xfffef8db2e0e      NSApplicationMain
21  CrashProbe                      0x20e0d8e79         main (main.m:13)
22  libdyld.dylib                   0xffff28790235      start

Bugsnag - x86_64

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Attempted to dereference garbage pointer 0x7000002a0000.

0  libobjc.A.dylib       cache_getImp
1  libobjc.A.dylib       objc_msgSend
2  CrashProbe            -[CRLCrashCorruptObjC crash] (CRLCrashCorruptObjC.m:70)
3  CrashProbe            -[CRLMainWindowController causeCrash:] (CRLMainWindowController.m:72)
4  libsystem_trace.dylib os_activity_initiate
5  AppKit                -[NSApplication sendAction:to:from:]
6  AppKit                -[NSControl sendAction:to:]
7  AppKit                _26-[NSCell _sendActionFrom:]_block_invoke
8  libsystem_trace.dylib os_activity_initiate
9  AppKit                -[NSCell _sendActionFrom:]
10 libsystem_trace.dylib os_activity_initiate
11 AppKit                -[NSCell trackMouse:inRect:ofView:untilMouseUp:]
12 AppKit                -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:]
13 AppKit                -[NSControl mouseDown:]
14 AppKit                -[NSWindow _handleMouseDownEvent:isDelayedEvent:]
15 AppKit                -[NSWindow _reallySendEvent:isDelayedEvent:]
16 AppKit                -[NSWindow sendEvent:]
17 AppKit                -[NSApplication sendEvent:]
18 AppKit                -[NSApplication run]
19 AppKit                NSApplicationMain
20 CrashProbe            main (main.m:13)
21 libdyld.dylib         start

Apple - x86_64

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT

Application Specific Information:
Performing @selector(causeCrash:) from sender NSButton 0x618000159440

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0  libobjc.A.dylib                0x00007fff94636fc2 cache_getImp + 18
1  libobjc.A.dylib                0x00007fff946380d8 lookUpImpOrForward + 365
2  libobjc.A.dylib                0x00007fff94637ad4 _objc_msgSend_uncached + 68
3  net.hockeyapp.CrashLib         0x0000000105ab0c5a -[CRLCrashCorruptObjC crash] + 69 (CRLCrashCorruptObjC.m:70)
4  net.hockeyapp.CrashProbe.apple 0x0000000105a9fc35 -[CRLMainWindowController causeCrash:] + 75 (CRLMainWindowController.m:72)
5  libsystem_trace.dylib          0x00007fff9515c3a7 _os_activity_initiate_impl + 53
6  com.apple.AppKit               0x00007fff7da41791 -[NSApplication(NSResponder) sendAction:to:from:] + 456
7  com.apple.AppKit               0x00007fff7d526000 -[NSControl sendAction:to:] + 86
8  com.apple.AppKit               0x00007fff7d525f28 __26-[NSCell _sendActionFrom:]_block_invoke + 136
9  libsystem_trace.dylib          0x00007fff9515c3a7 _os_activity_initiate_impl + 53
10 com.apple.AppKit               0x00007fff7d525e80 -[NSCell _sendActionFrom:] + 128
11 com.apple.AppKit               0x00007fff7d568875 -[NSButtonCell _sendActionFrom:] + 98
12 libsystem_trace.dylib          0x00007fff9515c3a7 _os_activity_initiate_impl + 53
13 com.apple.AppKit               0x00007fff7d524762 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2481
14 com.apple.AppKit               0x00007fff7d5685ae -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 798
15 com.apple.AppKit               0x00007fff7d523117 -[NSControl mouseDown:] + 832
16 com.apple.AppKit               0x00007fff7dbbd2bf -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6341
17 com.apple.AppKit               0x00007fff7dbb9adc -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1942
18 com.apple.AppKit               0x00007fff7dbb8f7a -[NSWindow(NSEventRouting) sendEvent:] + 541
19 com.apple.AppKit               0x00007fff7da3d6f1 -[NSApplication(NSEvent) sendEvent:] + 1145
20 com.apple.AppKit               0x00007fff7d2b87f7 -[NSApplication run] + 1002
21 com.apple.AppKit               0x00007fff7d2831de NSApplicationMain + 1237
22 net.hockeyapp.CrashProbe.apple 0x0000000105a9fef4 main + 9 (main.m:13)
23 libdyld.dylib                  0x00007fff94f2a235 start + 1