Passing a bad resource name to GM_getResourceURL can crash Firefox #1623

leskets opened this Issue Sep 2, 2012 · 2 comments

3 participants


An old script of mine makes Firefox crash with current releases of Greasemonkey.
I use Firefox 15.0 on Ubuntu 12.04.1 LTS on 64bit AMD.

Steps to reproduce the error:
1) Install Amalgam 1.9.3:
2) Open:
3) Mark some text using the mouse and release the mouse buttom. (Other events like hovering the mouse over a link will sometimes also trigger a crash)

Results for different releases of Greasemonkey:
Crash (First try: Firefox hangs with 0% CPU usage, Second try: real crash)

The script makes heavy use of EventListeners. Commenting out all occurences of addEventListener helps against crashes (but reduces functionality, of course). Updating the metadata with @grant does not make any difference.


Here's a heavily reduced testcase:
The GM_getResourceURL call is just to get the current script's UUID so the script protocol handler actually looks for a matching resource. The crash then happens because no matching resource can be found, and so newChannel implicitly returns undefined, which probably leads to a null pointer dereference.


Thanks Ventero, updated the title to reflect your findings.

@arantius arantius closed this in 9dbb8a7 Sep 6, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment