Neil Stewart <neil.stew...@warwick.ac.uk> writes:

> I've edited src/ecmascript/spidermonkey.c (attached) in
> elinks-0.11.4 to prevent calls to JS_* functions with NULL
> pointers.
I had already made related changes in the upstream elinks-0.12 branch. If spidermonkey_get_interpreter cannot fully initialize the JSContext, it now returns an error. Some callers asserted that such errors would not happen, so I had to fix them too.

  10c07f9 Debian bug 534835: Check some SpiderMonkey return values
  11c0cb8 Debian bug 534835: Check *_get_interpreter return values
  e452420 Debian bug 534835: Don't assert ecmascript_reset_state succeeds

(These commits are at elinks.cz but not yet at repo.or.cz.)

The error handling is not perfect, in that ELinks may see another SCRIPT element and retry ECMAScript initialization without realizing that one script has been skipped, but at least it doesn't crash now. I think I had elinks --remote openURL running in a loop for some hours without ill effects.

These changes could be applied to the elinks-0.11 branch (currently at 0.11.7.GIT) too if there is interest. Because that branch already has fixes for several other crashes of 0.11.4, and the double-free crash with </MAP> looks much easier to exploit than this null pointer dereference, I don't think there's any point in patching 0.11.4 separately.