List of software bugs
Many software bugs are merely annoying or inconvenient but some can have extremely serious consequences – either financially or as a threat to human well-being. The following is a list of software bugs with significant consequences:
Space
- A booster went off course during launch, resulting in the destruction of NASA Mariner 1. This was the result of the failure of a transcriber to notice an overbar in a written specification for the guidance program, resulting in the coding of an incorrect formula in its FORTRAN software. (July 22, 1962).[1] Note that the initial reporting of the cause of this bug was incorrect.[2]
- The Russian Space Research Institute's Phobos 1 (Phobos program) deactivated its attitude thrusters and could no longer properly orient its solar arrays or communicate with Earth, eventually depleting its batteries. (September 10, 1988).[3]
- The European Space Agency's Ariane 5 Flight 501 was destroyed 40 seconds after takeoff (June 4, 1996). The US$1 billion prototype rocket self-destructed due to a bug in the on-board guidance software.[4]
- In 1997, the Mars Pathfinder mission was jeopardised by a bug in concurrent software shortly after the rover landed, which was found in preflight testing but given a low priority as it only occurred in certain unanticipated heavy-load conditions.[5] The problem, which was identified and corrected from Earth, was due to computer resets caused by priority inversion.[6][7]
- In 2000, a Zenit 3SL launch failed due to faulty ground software not closing a valve in the rocket's second stage pneumatic system.[8]
- The European Space Agency's CryoSat-1 satellite was lost in a launch failure in 2005 due to a missing shutdown command in the flight control system of its Rokot carrier rocket.[9]
- NASA Mars Polar Lander was destroyed because its flight software mistook vibrations due to atmospheric turbulence for evidence that the vehicle had landed and shut off the engines 40 meters from the Martian surface (December 3, 1999).[10]
- Its sister spacecraft Mars Climate Orbiter was also destroyed, due to software on the ground generating commands in pound-force (lbf), while the orbiter expected newtons (N).
- A mis-sent command from Earth caused the software of the NASA Mars Global Surveyor to incorrectly assume that a motor had failed, causing it to point one of its batteries at the sun. This caused the battery to overheat (November 2, 2006).[11][12]
- NASA's Spirit rover became unresponsive on January 21, 2004, a few weeks after landing on Mars. Engineers found that too many files had accumulated in the rover's flash memory. It was restored to working condition after deleting unnecessary files.[13]
- Japan's Hitomi astronomical satellite was destroyed when a thruster fired in the wrong direction, causing the spacecraft to spin faster instead of stabilize (March 26, 2016).[14]
Medical
- A bug in the code controlling the Therac-25 radiation therapy machine was directly responsible for at least five patient deaths in the 1980s when it administered excessive quantities of X-rays.[15][16][17]
- A Medtronic heart device was found vulnerable to remote attacks in March 2008.[18]
Tracking years
- The year 2000 problem spawned fears of worldwide economic collapse and an industry of consultants providing last-minute fixes.[19]
- A similar problem will occur in 2038 (the year 2038 problem), as many Unix-like systems calculate the time in seconds since 1 January 1970, and store this number as a 32-bit signed integer, for which the maximum possible value is 231 − 1 (2,147,483,647) seconds.[20]
- An error in the payment terminal code for Bank of Queensland rendered many devices inoperable for up to a week. The problem was determined to be an incorrect hexadecimal number conversion routine. When the device was to tick over to 2010, it skipped six years to 2016, causing terminals to decline customers' cards as expired.[21]
Electric power transmission
- The Northeast blackout of 2003 was triggered by a local outage that went undetected due to a race condition in General Electric Energy's XA/21 monitoring software.[22]
Administration
- The software of the A2LL system for handling unemployment and social services in Germany presented several errors with large-scale consequences, such as sending the payments to invalid account numbers in 2004.
Telecommunications
- AT&T long distance network crash (January 15, 1990), in which the failure of one switching system would cause a message to be sent to nearby switching units to tell them that there was a problem. Unfortunately, the arrival of that message would cause those other systems to fail too – resulting in a cascading failure that rapidly spread across the entire AT&T long distance network.[23][24]
- In January 2009, Google's search engine erroneously notified users that every web site worldwide was potentially malicious, including its own.[25]
Military
- The software error of a MIM-104 Patriot, caused its system clock to drift by one third of a second over a period of one hundred hours – resulting in failure to locate and intercept an incoming missile. The Iraqi missile impacted in a military compound in Dhahran, Saudi Arabia (February 25, 1991), killing 28 Americans.[26][27]
- A Chinook crash on Mull of Kintyre in June 1994. A Royal Air Force Chinook helicopter crashed into the Mull of Kintyre, killing 29. This was initially dismissed as pilot error, but an investigation by Computer Weekly uncovered sufficient evidence to convince a House of Lords inquiry that it may have been caused by a software bug in the aircraft's engine control computer.[28]
- Smart ship USS Yorktown was left dead in the water in 1997 for nearly 3 hours after a divide by zero error.[29]
- In April 1992 the first F-22 Raptor crashed while landing at Edwards Air Force Base, California. The cause of the crash was found to be a flight control software error that failed to prevent a pilot-induced oscillation.[30]
- While attempting its first overseas deployment to the Kadena Air Base in Okinawa, Japan, on 11 February 2007, a group of six F-22 Raptors flying from Hickam AFB, Hawaii, experienced multiple computer crashes coincident with their crossing of the 180th meridian of longitude (the International Date Line). The computer failures included at least navigation (completely lost) and communication. The fighters were able to return to Hawaii by following their tankers, something that might have been problematic had the weather not been good. The error was fixed within 48 hours, allowing a delayed deployment.[31]
Media
- In the Sony BMG CD copy prevention scandal (October 2005), Sony BMG produced a Van Zant music CD that employed a copy protection scheme that covertly installed a rootkit on any Windows PC that was used to play it. Their intent was to hide the copy protection mechanism to make it harder to circumvent. Unfortunately, the rootkit inadvertently opened a security hole resulting in a wave of successful trojan horse attacks on the computers of those who had innocently played the CD.[32] Sony's subsequent efforts to provide a utility to fix the problem actually exacerbated it.[33]
Video gaming
- Eve Online's deployment of the Trinity patch erased the boot.ini file from several thousand users' computers, rendering them unable to boot. This was due to the usage of a legacy system within the game that was also named boot.ini. As such, the deletion had targeted the wrong directory instead of the /eve directory.[34]
- The Corrupted Blood incident was a software bug in World of Warcraft that caused a status ailment, that was supposed to be locally restricted to a certain level of the game, to be set free, affecting all players everywhere in the virtual game world. This caused players to avoid crowded places in-game, just like in a "real world" epidemic, and the bug became the centre of some academic research on the spread of infectious diseases.[35]
- In the 256th level of Pac-Man, a bug results in a kill screen. The maximum number of fruit available is seven and when that number rolls over, it causes the entire right side of the screen to become a jumbled mess of symbols while the left side remains normal.[36]
- One of the complementary demo discs issued to PlayStation Underground subscribers in the United States contained a serious bug, particularly in the demo for Viewtiful Joe 2, that would not only crash the PlayStation 2, but would also unformat any memory cards that were plugged into that console, erasing any and all saved data onto them.[37] The bug was so severe that Sony had to apologize for the glitch and send out free copies of other PS2 games to affected players as consolation.[38]
- An update for the Xbox 360 version of Guitar Hero II, which was intended to fix some issues with the whammy bar on that game's guitar controllers, came with a bug that caused some consoles to freeze, or even stop working altogether, producing the infamous "red ring of death".[39]
- Valve's Steam client for Linux could accidentally delete all the user's files in every directory on the computer. This happened to users that had moved Steam's installation directory.[40] The bug is the result of unsafe shellscript programming:
STEAMROOT="$(cd "${0%/*}" && echo $PWD)"
# Scary!
rm -rf "$STEAMROOT/"*
The first line tries to find the script's containing directory. This could fail, for example if the directory was moved while the script was running, invalidating the "selfpath" variable $0
. It would also fail if $0
contained no slash character, or contained a broken symlink, perhaps mistyped by the user. The way it would fail, as ensured by the &&
conditional, and not having set -e
cause termination on failure, was to produce the empty string. This failure mode was not checked, only commented as "Scary!". Finally, in the deletion command, the slash character takes on a very different meaning from its role of path concatenation operator when the string before it is empty, as it then names the root directory.
Encryption
- In order to fix a warning issued by Valgrind, a maintainer of Debian patched OpenSSL and broke the random number generator in the process. The patch was uploaded in September 2006 and made its way into the official release; it was not reported until April 2008. Every key generated with the broken version is compromised (as the "random" numbers were made easily predictable), as is all data encrypted with it, threatening many applications that rely on encryption such as S/MIME, Tor, SSL or TLS protected connections and SSH.[41]
- Heartbleed, an OpenSSL vulnerability introduced in 2012 and disclosed in April 2014, removed confidentiality from affected services, causing among other things the shut down of the Canada Revenue Agency's public access to the online filing portion of its website[42] following the theft of social insurance numbers.[43]
- The Apple Computer, Inc. "goto fail" bug was a duplicated line of code which caused a public key certificate check to pass a test incorrectly.
Transportation
- Toyota's electronic throttle control system (ETCS) had bugs that could cause sudden unintended acceleration.[44] At least 89 people were killed as a result.[45]
- The Boeing 787 Dreamliner experienced an integer overflow bug which could shut down all electrical generators if the aircraft was on for more than 248 days.[46]
Business
The Vancouver Stock Exchange index had large errors due to repeated rounding. In January 1982 the index was initialized at 1000 and subsequently updated and truncated to three decimal places on each trade. This was done about 3000 times a day. The accumulated truncations led to an erroneous loss of around 25 points per month. Over the weekend of November 25–28, 1983, the error was corrected, raising the value of the index from its Friday closing figure of 524.811 to 1098.892.[47][48]
Knight Capital Group lost $440 million in 45 minutes due to the improper deployment of software on servers and the re-use of a critical software flag that caused old unused software code to execute during trading.[49]
See also
References
- ↑ "Space FAQ 08/13 – Planetary Probe History". Retrieved 2008-01-07.
- ↑ Hoare, C. A. R. Hints on Programming Language Design. in Sigact/Sigplan Symposium on Principles of Programming Languages. October 1973., reprinted in Horowitz. Programming Languages, A Grand Tour, 3rd ed.. See Risks Digest: Mariner 1, Vol. 9: Iss. 54, 12 Dec 89 (and "Mariner I -- no holds BARred". Retrieved 2008-01-07.
- ↑ R. Z. Sagdeev & A. V. Zakharov (1989). "Brief history of the Phobos mission". Nature. 341 (6243): 581–585. Bibcode:1989Natur.341..581S. doi:10.1038/341581a0.
- ↑ Dowson, M. (March 1997). "The Ariane 5 Software Failure". Software Engineering Notes. 22 (2): 84. doi:10.1145/251880.251992.
- ↑ Parallel sparking: Many chips make light work, Douglas Heaven, New Scientist magazine, issue 2930, 19 August 2013, p44. Online (by subscription)
- ↑ What Really Happened on Mars by Glenn Reeves of the JPL Pathfinder team
- ↑ "What really happened on Mars?".
- ↑ "Spaceflight Now - Breaking News - Sea Launch malfunction blamed on software glitch".
- ↑ "CryoSat Mission lost due to launch failure". European Space Agency. 8 October 2005. Retrieved 19 July 2010.
- ↑ "Mars Polar Lander". Retrieved 2008-01-07.
- ↑ "Report Reveals Likely Causes of Mars Spacecraft Loss". Retrieved 2008-01-07.
- ↑ "Faulty Software May Have Doomed Mars Orbiter". Space.com. Archived from the original on July 24, 2008. Retrieved January 11, 2007.
- ↑ "Out of memory problem caused Mars rover's glitch". computerworld.com. February 3, 2004.
- ↑ "Software error doomed Japanese Hitomi spacecraft". Retrieved 2016-05-06.
- ↑ "The Therac-25 Accidents (PDF), by Nancy Leveson" (PDF). Retrieved 2008-01-07.
- ↑ "An Investigation of the Therac-25 Accidents (IEEE Computer)". Retrieved 2008-01-07.
- ↑ "Computerized Radiation Therapy (PDF) reported by TROY GALLAGHER" (PDF). Retrieved 2011-12-12.
- ↑ Feder, Barnaby J. (2008-03-12). "A Heart Device Is Found Vulnerable to Hacker Attacks". The New York Times. Retrieved 2008-09-28.
- ↑ "Looking at the Y2K bug, portal on CNN.com". Archived from the original on 2007-12-27. Retrieved 2008-01-07.
- ↑ "The year 2038 bug". Retrieved 2008-01-12.
- ↑ Stafford, Patrick. "Businesses hit by Bank of Queensland EFTPOS bug". Retrieved 1 April 2014.
- ↑ "Software Bug Contributed to Blackout". Retrieved 2008-01-07.
- ↑ Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier (ISBN 0-553-56370-X). Spectra Books.
- ↑ "The Crash of the AT&T Network in 1990". Retrieved 2008-05-15.
- ↑ Cade Metz (January 31, 2009). "Google mistakes entire web for malware". The Register. Retrieved December 20, 2010.
- ↑ "Patriot missile defense, Software problem led to system failure at Dharhan, Saudi Arabia; GAO report IMTEC 92-26". US Government Accounting Office.
- ↑ Robert Skeel. "Roundoff Error and the Patriot Missile". SIAM News, volume 25, nr 4. Retrieved 2008-09-30.
- ↑ "The Chinook Helicopter Disaster". Retrieved 2008-01-07.
- ↑ "Software glitches leave Navy Smart Ship dead in the water". Archived from the original on 2007-12-13. Retrieved 2008-01-07.
- ↑ "F-22 Timeline." f-22raptor.com. Retrieved: 23 July 2009.
- ↑ "Lockheed's F-22 Raptor Gets Zapped by International Date Line: Raptors arrive at Kadena." Air Force, 26 February 2007.
- ↑ "Sony's 'rootkit' CDs". Retrieved 2008-05-15.
- ↑ "More on Sony: Dangerous Decloaking Patch, EULAs and Phoning Home", Mark's Blog, November 4, 2005, retrieved November 22, 2006.
- ↑ "About the boot.ini issue (Dev Blog)". Retrieved 2014-09-30.
- ↑ Balicer, Ran (2005-10-05). "Modeling Infectious Diseases Dissemination Through Online Role-Playing Games". Epidemiology. 18 (2): 260–261. doi:10.1097/01.ede.0000254692.80550.60. PMID 17301707.
- ↑ "Pac Man'S Split Screen Level Analyzed And Fixed". Donhodges.Com. Retrieved 2012-09-19.
- ↑ Krotoski, Aleks (2004-11-30). "Viewtiful Joe 2 demo deletes memory cards". The Guardian. Retrieved 2009-11-10.
- ↑ Bramwell, Tom (2004-12-07). "Sony to replace defective demo discs with games". Eurogamer. Retrieved 2009-11-10.
- ↑ Bramwell, Tom (2007-04-16). "RedOctane admits to Guitar Hero II patch problem". Eurogamer. Retrieved 2016-12-02.
- ↑ "Scary code of the week: Valve Steam CLEANS Linux PCs". 2015-01-17. Retrieved 2015-02-13.
- ↑ "DSA-1571-1 openssl -- predictable random number generator". Retrieved 2008-04-16.
- ↑ "Heartbleed bug may shut Revenue Canada website until weekend". CBC News. 2014-04-09.
- ↑ "Heartbleed bug: 900 SINs stolen from Revenue Canada - Business - CBC News". CBC News. Retrieved 2014-04-14.
- ↑ "Toyota's killer firmware: Bad design and its consequences".
- ↑ "Toyota "Unintended Acceleration" Has Killed 89". cbsnews. Retrieved 2014-03-20.
- ↑ "To keep a Boeing Dreamliner flying, reboot once every 248 days".
- ↑ The Wall Street Journal November 8, 1983, p.37
- ↑ The Toronto Star, November 29, 1983
- ↑ Popper, Nathaniel. "Knight Capital Says Trading Glitch Cost It $440 Million".