Skip to content

Instantly share code, notes, and snippets.

@liscio

liscio/main.mm Secret

Created October 17, 2023 17:21
Show Gist options
  • Save liscio/21bbdadd9170a9fc79ea1b3753293d2a to your computer and use it in GitHub Desktop.
Save liscio/21bbdadd9170a9fc79ea1b3753293d2a to your computer and use it in GitHub Desktop.
It is surprisingly easy to corrupt the FPU state on Intel Macs running macOS Sonoma.
#import <Cocoa/Cocoa.h>
#import <iostream>
static long double _giantValue = 0.0;
void writeGiantValue(long double inValue) {
_giantValue = inValue;
}
long double readGiantValue() {
return _giantValue;
}
static void interactWithGiantValue(void) {
writeGiantValue(1.0);
long double gv = readGiantValue();
if ( gv != 1.0 ) {
std::cout << "ERROR: Giant value should be 1, but it is instead " << gv << std::endl;
} else {
std::cout << "All good. Giant value is " << gv << std::endl;
}
}
int main(int argc, char *argv[]) {
/*
Before decoding the troublesome image, we can interact with Float80
values, and not encounter any problems.
*/
interactWithGiantValue();
/*
Load the image, and force it to be decoded.
*/
NSImage *songAlbumArt = [[NSImage alloc] initWithData:[NSData dataWithContentsOfURL:[NSURL fileURLWithPath:@"artwork.jpg"]]];
id imageRef = [songAlbumArt TIFFRepresentation];
/*
On Intel machines running macOS Sonoma, this will report a NaN value being
read from _giantValue. This is likely a result of someone corrupting---or,
failing to restore---the FPU state.
*/
interactWithGiantValue();
return 0;
}
@liscio
Copy link
Author

liscio commented Oct 17, 2023

If you have the jpeg image that triggers this, here's the output on an Intel Mac running Sonoma:

% clang -o testFPU -O0 main.mm -L. -std=gnu++20 -framework Cocoa -lstdc++

% ./testFPU 
All good. Giant value is 1
ERROR: Giant value should be 1, but it is instead nan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment