Passing a bad resource name to GM_getResourceURL can crash Firefox #1623

Closed
leskets opened this Issue September 02, 2012 · 2 comments

3 participants

Thomas Leske arantius Ventero
Thomas Leske

An old script of mine makes Firefox crash with current releases of Greasemonkey.
I use Firefox 15.0 on Ubuntu 12.04.1 LTS on 64bit AMD.

Steps to reproduce the error:
1) Install Amalgam 1.9.3: http://userscripts.org/scripts/version/13348/372734.user.js
2) Open: http://en.wikipedia.org/wiki/Cat
3) Mark some text using the mouse and release the mouse button. (Other events like hovering the mouse over a link will sometimes also trigger a crash)

Results for different releases of Greasemonkey:
https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/1.0
Crash

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/0.9.22
OK

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/1.0beta7
Crash (First try: Firefox hangs with 0% CPU usage, Second try: real crash)

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/1.0beta5
Crash

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/1.0beta4
Crash

https://addons.mozilla.org/en-US/firefox/addon/greasemonkey/versions/1.0beta3
OK

The script makes heavy use of EventListeners. Commenting out all occurrences of addEventListener helps against crashes (but reduces functionality, of course). Updating the metadata with @grant does not make any difference.

Ventero

Here's a heavily reduced testcase: https://gist.github.com/3597309
The GM_getResourceURL call is just to get the current script's UUID so the script protocol handler actually looks for a matching resource. The crash then happens because no matching resource can be found, and so newChannel implicitly returns undefined, which probably leads to a null pointer dereference.
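
The failure mode Ventero describes, modelled as an added example (not Greasemonkey's own protocol-handler code): a lookup for `script://<uuid>/<resource-name>` that silently falls off the end and hands the caller `undefined`, next to a version that fails explicitly so a bad resource name becomes a catchable error instead of a dereference of nothing. The registry contents, URI shape and error class are constructed for illustration.

```javascript
// Constructed script registry: one script UUID with one named resource.
const registry = new Map([
  ['11111111-2222-3333-4444-555555555555', {
    resources: new Map([['icon', 'file:///tmp/icon.png']]),
  }],
]);

// Assumed URI shape for this model: script://<script-uuid>/<resource-name>
function parseScriptUri(spec) {
  const m = /^script:\/\/([^/]+)\/(.+)$/.exec(spec);
  return m ? { uuid: m[1], resourceName: m[2] } : null;
}

// Buggy: every miss (bad URI, unknown script, unknown resource) falls off
// the end of the function, so the caller receives undefined, not a channel.
function newChannelBuggy(spec) {
  const parsed = parseScriptUri(spec);
  if (parsed) {
    const script = registry.get(parsed.uuid);
    if (script) {
      const target = script.resources.get(parsed.resourceName);
      if (target) return { spec, target };
    }
  }
}

// Hardened: every miss is an explicit, typed failure the caller can handle.
class ResourceNotFoundError extends Error {}

function newChannelFixed(spec) {
  const parsed = parseScriptUri(spec);
  if (!parsed) throw new ResourceNotFoundError(`malformed script URI: ${spec}`);
  const script = registry.get(parsed.uuid);
  if (!script) throw new ResourceNotFoundError(`unknown script: ${parsed.uuid}`);
  const target = script.resources.get(parsed.resourceName);
  if (!target) throw new ResourceNotFoundError(`no resource "${parsed.resourceName}"`);
  return { spec, target };
}

// Caller side: returns the resolved target, null for a reported miss, and
// lets anything else propagate. With the buggy handler, a miss surfaces as a
// TypeError on `channel.target`, the script-level analogue of the crash.
function openResource(handler, spec) {
  try {
    return handler(spec).target;
  } catch (e) {
    if (e instanceof ResourceNotFoundError) return null;
    throw e;
  }
}
```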

arantius
Collaborator

Thanks Ventero, updated the title to reflect your findings.

arantius closed this in 9dbb8a7 September 06, 2012