Closed
Bug 1231761
(CVE-2016-1933)
Opened 9 years ago
Closed 9 years ago
DoS loading a specially crafted image in Firefox 43.0b9
Categories
(Core :: Graphics: ImageLib, defect)
RESOLVED
DUPLICATE
of bug 1235605
People
(Reporter: gustavo.grieco, Unassigned)
Details
(Keywords: crash, regression, sec-moderate, Whiteboard: [adv-main44+])
Attachments
(2 files, 1 obsolete file)
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
Build ID: 20151030084315
Steps to reproduce:
A DoS was found in the last version of Firefox Beta (Firefox 43.0b9). Just loading this website:
http://dcc.fceia.unr.edu.ar/~ggrieco/crash.html
Actual results:
Firefox will abort/crash:
out of memory: 0xFFFFFFFFFFE40028 bytes requested
Program received signal SIGSEGV, Segmentation fault.
0x00000000004088bf in mozalloc_abort(char const*) ()
(gdb) bt
#0 0x00000000004088bf in mozalloc_abort(char const*) ()
#1 0x0000000000408931 in mozalloc_handle_oom(unsigned long) ()
#2 0x0000000000404f7d in moz_xmalloc ()
#3 0x00007ffff1a6b221 in ?? () from /home/g/Apps/firefox/libxul.so
#4 0x00007ffff1a6b438 in ?? () from /home/g/Apps/firefox/libxul.so
#5 0x00007ffff1a7f386 in ?? () from /home/g/Apps/firefox/libxul.so
#6 0x00007ffff1a69f6c in ?? () from /home/g/Apps/firefox/libxul.so
#7 0x00007ffff1a6b1b0 in ?? () from /home/g/Apps/firefox/libxul.so
#8 0x00007ffff1a6ec43 in ?? () from /home/g/Apps/firefox/libxul.so
#9 0x00007ffff1a6ee22 in ?? () from /home/g/Apps/firefox/libxul.so
#10 0x00007ffff10a9f9a in ?? () from /home/g/Apps/firefox/libxul.so
#11 0x00007ffff10b1d59 in ?? () from /home/g/Apps/firefox/libxul.so
#12 0x00007ffff160eee7 in ?? () from /home/g/Apps/firefox/libxul.so
#13 0x00007ffff15fd2a2 in ?? () from /home/g/Apps/firefox/libxul.so
#14 0x00007ffff1402ccf in ?? () from /home/g/Apps/firefox/libxul.so
#15 0x00007ffff66eaa55 in ?? () from /home/g/Apps/firefox/libnspr4.so
#16 0x00007ffff7bc4182 in start_thread (arg=0x7fffccc12700) at pthread_create.c:312
#17 0x00007ffff6cc547d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
(sorry for the lack of symbols, I couldn't find an updated version of Firefox with debugging symbols enabled and ASAN provided no more details)
Since Firefox is failing trying to allocate such a large amount of memory, maybe there is an integer overflow somewhere, so I'm very interested to know what the cause of this issue is. That's why I'm flagging this issue as a security-related bug.
Expected results:
It shouldn't abort (for instance, Firefox 42 is *not* affected)
Comment 1•9 years ago
This is an intentional crash when we detect potentially unrecoverable memory problems. Don't need to hide it to protect anyone and we'll get more traction as a public bug.
Group: core-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash, csectype-dos
Whiteboard: [sg:dos]
Comment 2•9 years ago
Comment 3•9 years ago
We can narrow down what the broken change is using http://mozilla.github.io/mozregression/
Keywords: regression
Comment 4•9 years ago
Comment 5•9 years ago
Attachment #8698522 - Attachment is obsolete: true
Reporter
Comment 6•9 years ago
I confirm it is affecting Firefox 43.0 (release)
Comment 7•9 years ago
This feels like it could be the same issue as bug 1235605, which manifested with an OOM but was actually an integer overflow. The stack looks similar or identical.
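Comment 7 attributes the OOM abort to an integer overflow rather than a genuine memory shortage. The following C is an added illustration, not code from this bug or from ImageLib: it shows how a 32-bit image-size product that wraps, then gets widened to size_t, becomes the kind of absurd allocation request quoted in the report, and what an overflow-checked sizing routine rejects instead. The img_hdr struct, its field names and the 256 MiB cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical image header with 32-bit signed dimensions, as many bitmap
 * formats store them. Constructed for this example; not ImageLib's types. */
typedef struct { int32_t width, height, bytes_per_pixel; } img_hdr;

/* Assumed policy cap on a single decoded surface (256 MiB). A real decoder
 * picks its own limit; the point is that "fits in size_t" is not enough. */
#define MAX_SURFACE_BYTES ((uint64_t)256 << 20)

/* Unchecked sizing, the pattern behind an abort like the one reported: the
 * product is computed in 32 bits, wraps, and a negative int32 widened to
 * size_t becomes a request for 0xFFFFFFFF........ bytes. The multiply is done
 * unsigned here so the wrap-around is well defined and reproducible. */
size_t unchecked_surface_size(const img_hdr *h) {
    uint32_t wrapped = (uint32_t)h->width * (uint32_t)h->height
                     * (uint32_t)h->bytes_per_pixel;     /* mod 2^32 */
    int32_t as_int = (int32_t)wrapped;                    /* may be negative */
    return (size_t)as_int;                                /* sign-extended */
}

/* Checked sizing: reject non-positive fields, detect overflow before each
 * multiply, and enforce the policy cap. Returns false rather than handing a
 * garbage size to the allocator. */
bool checked_surface_size(const img_hdr *h, size_t *out) {
    if (h->width <= 0 || h->height <= 0 || h->bytes_per_pixel <= 0)
        return false;
    uint64_t w = (uint64_t)h->width, ht = (uint64_t)h->height,
             bpp = (uint64_t)h->bytes_per_pixel;
    if (w > UINT64_MAX / bpp) return false;               /* w*bpp overflows */
    uint64_t stride = w * bpp;
    if (stride > UINT64_MAX / ht) return false;           /* stride*ht overflows */
    uint64_t total = stride * ht;
    if (total > MAX_SURFACE_BYTES || total > (uint64_t)SIZE_MAX) return false;
    *out = (size_t)total;
    return true;
}

int main(void) {
    img_hdr ok  = { 640, 480, 4 };      /* ordinary 640x480 RGBA */
    img_hdr bad = { 65536, 32768, 1 };  /* constructed: product is exactly 2^31 */
    size_t n;
    printf("ok:  unchecked=%zu checked=%d\n", unchecked_surface_size(&ok),
           checked_surface_size(&ok, &n) ? (int)n : -1);
    printf("bad: unchecked=0x%zX bytes requested, checked=%s\n",
           unchecked_surface_size(&bad),
           checked_surface_size(&bad, &n) ? "accepted" : "rejected");
    return 0;
}
```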
Updated•9 years ago
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Comment 9•9 years ago
This was the original report of the issue, but the other bug has more discussion, so I'll dupe it forward. Sorry we did not look deeper at your original report.
Updated•9 years ago
Alias: CVE-2016-1933
Updated•9 years ago
Flags: sec-bounty? → sec-bounty+
Updated•8 years ago
Group: gfx-core-security
Updated•8 years ago
Attachment #8711777 - Attachment description: gustavo.grieco@imag.fr,2500?,2015-12-10,2015-12-29,2016-01-25,true,,, → gustavo.grieco@imag.fr,2500,2015-12-10,2015-12-29,2016-01-25,true,,,