Skip to content

Passing a bad resource name to GM_getResourceURL can crash Firefox #1623

leskets opened this Issue Sep 2, 2012 · 2 comments

3 participants

leskets commented Sep 2, 2012

An old script of mine makes Firefox crash with current releases of Greasemonkey.
I use Firefox 15.0 on Ubuntu 12.04.1 LTS on 64bit AMD.

Steps to reproduce the error:
1) Install Amalgam 1.9.3:
2) Open:
3) Mark some text using the mouse and release the mouse buttom. (Other events like hovering the mouse over a link will sometimes also trigger a crash)

Results for different releases of Greasemonkey:
Crash (First try: Firefox hangs with 0% CPU usage, Second try: real crash)

The script makes heavy use of EventListeners. Commenting out all occurences of addEventListener helps against crashes (but reduces functionality, of course). Updating the metadata with @grant does not make any difference.

Ventero commented Sep 2, 2012

Here's a heavily reduced testcase:
The GM_getResourceURL call is just to get the current script's UUID so the script protocol handler actually looks for a matching resource. The crash then happens because no matching resource can be found, and so newChannel implicitly returns undefined, which probably leads to a null pointer dereference.

arantius commented Sep 5, 2012

Thanks Ventero, updated the title to reflect your findings.

@arantius arantius closed this in 9dbb8a7 Sep 6, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.