BrowserWorks / Waterfox

The official Waterfox 💧 source code repository
https://www.waterfox.net

eMatrix reproducibly induces a segfault in Waterfox 56.2.9 #971

Closed ghost closed 3 years ago

ghost commented 5 years ago

Summary

Under specific conditions, eMatrix reproducibly triggers a segmentation fault in Waterfox 56.2.9, as well as browsers based on the UXP platform. Whatever the root cause may be, it is unexpected that any add-on be able to induce any fault pertaining to memory protection.

Steps to reproduce

  1. Launch Waterfox 56.2.9 with a clean profile
  2. Install eMatrix 1.4.0
  3. Delete the two default rules * 1st-party * allow and * 1st-party frame allow
  4. Commit the revised ruleset
  5. Visit https://db.openjdk.java.net/people
  6. Observe as the browser crashes and dies, due to a segfault

Additional information

The bug is somewhere in the XUL component.

eMatrix 1.4.0 is a relatively soft fork of the legacy version of uMatrix. I also tried the "firefox" version of uMatrix 1.1.4 and found that the tab crashed, but not the entire browser.

ghost commented 5 years ago

Fixed in UXP by https://github.com/MoonchildProductions/UXP/commit/7258eeb.

grahamperrin commented 5 years ago

Thanks,

Steps to reproduce

– confirmed reproducible with home-built Waterfox 56.2.9 on FreeBSD-CURRENT.

Meta/tracking: #538

grahamperrin commented 5 years ago

Side note: if you can no longer sign in to GitHub after reproducing this issue, either (a) disable the extension; or (b) I guess, change its rules.

https://put.re/player?id=UgGCiz82.mp4

IzzySoft commented 5 years ago

Starting with 56.2.9 I encounter massive "tab crashes" as well (never had them before – and I used Firefox still back when it was named Phoenix, and switched to Waterfox quite a while ago – like a year or so). Now crashes happen multiple times a week.

Triggered by the term "eMatrix", I've picked one of the (reproducible) "crash candidates", disabled uMatrix (which is what I'm using) for that site – et voila, no tab crash. Seems to be related (with eMatrix being a uMatrix fork, as I just learned).

So do I just have to wait until the UXP fix is integrated into Waterfox? Anything I can do to prevent these crashes (apart from disabling uMatrix)? The nasty thing is not just the tab crashing, but all other tabs being "unloaded" when that happens, causing me to lose content and notifications.

As for confirming: Linux Mint 18.3, Waterfox 56.2.9 up to 56.2.10.1.

PS: Too early. There must be some other reasons in my case, as disabling uMatrix only solved it for one URL but not for another on the same site (both times GitLab, same repo just different issue).

ghost commented 5 years ago

@IzzySoft The adverse interaction with uMatrix/eMatrix occurs upon the browser rendering an XML document that needs to load an XSLT stylesheet, which is not a particularly common use case. By default, *Matrix allows for XSLT resources (via the "other" category) to be loaded in first-party scope, which makes it very difficult to trigger this bug without a deliberately stringent ruleset. Once triggered, a null pointer dereference occurs, which has now been protected against in UXP. I'd say it's unlikely that any of this is connected with the problems that you're experiencing but I think you'd need to obtain a stack trace for anyone to know for sure.
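
A triage helper for the trigger condition described in the comment above, added here as an example and not code from Waterfox, UXP or uMatrix/eMatrix: it reads only the XML prolog of a saved page and lists any XSLT stylesheets it declares. The function name, the set of MIME types checked, the sample document and the same-host comparison (a simplification of the extension's first-party scope) are assumptions of this example.

```python
import re
from urllib.parse import urljoin, urlsplit
from xml.parsers import expat

# MIME types this example treats as XSLT (an assumption of the example).
XSLT_TYPES = {"text/xsl", "application/xslt+xml"}
PSEUDO_ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")

# Constructed sample document, not the content of any real page.
SAMPLE = b"""<?xml version="1.0"?>
<?xml-stylesheet type="text/css" href="site.css"?>
<?xml-stylesheet type="text/xsl" href="people.xsl"?>
<people><person id="example"/></people>
"""


class _PrologDone(Exception):
    """Raised at the root element so the document body is never parsed."""


def xslt_stylesheets(doc_url, xml_bytes):
    """Return (absolute_href, same_host) for each XSLT stylesheet in the prolog."""
    found = []

    def on_pi(target, data):
        if target != "xml-stylesheet":
            return
        attrs = {m.group(1): m.group(2) or m.group(3) or ""
                 for m in PSEUDO_ATTR.finditer(data)}
        if attrs.get("type", "").strip().lower() in XSLT_TYPES and attrs.get("href"):
            href = urljoin(doc_url, attrs["href"])
            same = urlsplit(href).hostname == urlsplit(doc_url).hostname
            found.append((href, same))

    def on_root(name, attributes):
        raise _PrologDone  # stylesheet declarations only appear before the root

    parser = expat.ParserCreate()
    parser.ProcessingInstructionHandler = on_pi
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except (_PrologDone, expat.ExpatError):
        pass  # prolog finished, or input is not well-formed XML
    return found
```

An empty result means the page does not declare an XSLT stylesheet, so a crash on it does not match the condition described in this thread.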

IzzySoft commented 5 years ago

Thanks @kerframil! Please ignore my chiming in above, the problem here indeed was something different (though unexpected), and solved quite simply: I just needed to exit Waterfox completely and start it again (so not just restart, but really exit). Looks like something got messed up here despite multiple restarts – and restart is something different than "exit and start". After that, WF runs stable again here, luckily.

So you were absolutely correct: my issue was unrelated – though on the surface it looked as if it were. Thanks for pointing out the details!