Dear Adobe: please don’t crash while logging

I recently upgraded my copy of Creative Suite to CS5. When you install CS5 Design Premium, you don’t just get Photoshop, InDesign, Illustrator and the like. You also get a ton of other bits, like Adobe Help (despite the existence of a built-in Help Viewer), Adobe Application Manager and CS5ServiceManager.

Many of these strike me as unnecessary. But they’re also poorly written. Background processes like this shouldn’t crash. And they really shouldn’t crash writing log files.

Here’s the first of two crashes in six hours:

Process: CS5ServiceManager [9272]
Path: /Library/Application Support/Adobe/CS5ServiceManager/CS5ServiceManager.app/Contents/MacOS/CS5ServiceManager
Identifier: com.adobe.csi.CS5ServiceManager
Version: ??? (5.0.1.137)
Code Type: X86 (Native)
Parent Process: ??? [1]

Date/Time: 2011-02-01 20:19:32.291 -0500
OS Version: Mac OS X 10.6.6 (10J567)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread: 5

...snip...

Thread 5 Crashed:
0 ??? 0000000000 0 + 0
1 libstdc++.6.dylib 0x9783fd7a d_name + 164
2 libstdc++.6.dylib 0x9783f3f4 d_type + 657
3 libstdc++.6.dylib 0x97843189 d_demangle + 747
4 ...adobe.csi.CS5ServiceManager 0x00021094 vcfoundation::impl::UTF8Builder::Append(vcfoundation::data::IVCString*, vcfoundation::util::VCRange) + 174
5 ...adobe.csi.CS5ServiceManager 0x00014d92 vcfoundation::util::BackTrace::Describe(vcfoundation::data::IVCStringAppender&) + 34
6 ...adobe.csi.CS5ServiceManager 0x00021e09 vcfoundation::data::IVCStringAppender::AppendFormat(char const*, char*) + 143
7 ...adobe.csi.CS5ServiceManager 0x00021e5e vcfoundation::data::IVCStringAppender::AppendFormat(char const*, ...) + 34
8 ...adobe.csi.CS5ServiceManager 0x00014c90 vcfoundation::util::StdStreamLog::Log(vcfoundation::util::IVCLog::Level, char const*, char*) + 452
9 libSystem.B.dylib 0x937d4be8 free + 244

Examining the crashed thread, we can make a few observations:

  • Adobe seems to have invented their own string-handling library
  • Appending strings can cause a crash
  • Adobe is using C++
  • This crash happened while logging
  • This crash happened … while writing a crash report?

The only way I’ve crashed a log call is with a format string error. And format string problems? They’re often security holes. Can anyone tell if this might be exploitable?
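The format-string failure mode mentioned above, sketched in C as an added example; it is not Adobe's code and does not claim to be the cause of this crash. The names `log_fmt` and `log_text` and the sample input are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logger. The format attribute makes GCC/Clang type-check the
 * arguments against fmt; with -Wformat -Wformat-security they also warn
 * when the format is not a string literal and no arguments follow. */
__attribute__((format(printf, 3, 4)))
static int log_fmt(char *out, size_t cap, const char *fmt, ...)
{
    if (cap == 0)
        return -1;
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, cap, fmt, ap);   /* bounded, always NUL-terminated */
    va_end(ap);
    if (n < 0)
        return -1;
    /* vsnprintf reports the untruncated length; return what was stored. */
    return (size_t)n >= cap ? (int)(cap - 1) : n;
}

/* BROKEN pattern, shown only as a comment:
 *     log_fmt(out, cap, text);
 * Here text is the format string. Any "%s" or "%n" inside it makes
 * vsnprintf consume arguments that were never passed, which is undefined
 * behaviour: typically a crash inside the log call, sometimes worse. */

/* Fixed pattern: the format is a constant and the text is plain data. */
int log_text(char *out, size_t cap, const char *text)
{
    return log_fmt(out, cap, "%s", text);
}

int main(void)
{
    char line[128];
    /* Constructed input containing conversion specifiers. */
    log_text(line, sizeof line, "user said: %s%s%n");
    printf("%zu bytes logged: %s\n", strlen(line), line);
    return 0;
}
```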

And did they really invent their own crash reporter? And is that what’s crashing?

Dear Adobe: the wheel is already round. If you’re going to litter my computer with crap, it better be rock solid.
