I saw a crash with this signature (only one) and figured I'd file a bug for it: bp-253b7d65-7fc0-4e62-a35e-a8b5f0170419 The crash reason is: maybe_pod_realloc: new buffer (old size = 131072) contains 4096 bytes of poison starting from offset 36864!

This is one of the crashes associated with bug 1124397. There are other signatures [1][2] but this one is new, probably due to a change in inlining. I don't think there's any reason to mark this one as security sensitive. Unfortunately these crashes are pretty much inactionable; right now I'm trying to get some statistics and see if some of them are due to bad hardware. It's possible that the OSX crashes are due to some sort of miscompilation in mozjemalloc; that's something I want to look into soon. The Windows ones are probably a lost cause though. [1] https://crash-stats.mozilla.com/search/?build_id=%3E%3D20170323030203&moz_crash_reason=~maybe_pod_realloc&moz_crash_reason=~free_&moz_crash_reason=~uintptr_t%28p%29%20%3D%3D%20currAddr&moz_crash_reason=~%21currSize%20%26%26%20%21currAddr&moz_crash_reason=~Could%20not%20confirm%20the%20presence%20of%20poison%21&product=Firefox&version=55.0a1&date=%3E%3D2017-03-23T00%3A00%3A00.000Z&date=%3C2018-03-22T00%3A00%3A00.000Z&_sort=-date&_facets=signature&_facets=moz_crash_reason&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=moz_crash_reason#facet-signature [2] https://crash-stats.mozilla.com/search/?build_id=%3E%3D20170404004003&moz_crash_reason=~maybe_pod_realloc&moz_crash_reason=~free_&moz_crash_reason=~uintptr_t%28p%29%20%3D%3D%20currAddr&moz_crash_reason=~%21currSize%20%26%26%20%21currAddr&moz_crash_reason=~Could%20not%20confirm%20the%20presence%20of%20poison%21&product=Firefox&version=54.0a2&date=%3E%3D2017-04-04T00%3A00%3A00.000Z&date=%3C2018-04-03T00%3A00%3A00.000Z&_sort=-date&_facets=signature&_facets=moz_crash_reason&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=moz_crash_reason#facet-signature

FWIW this signature has no reports in last 6 months https://crash-stats.mozilla.com/signature/?signature=js%3A%3AProtectedReallocPolicy%3A%3AcrashWithInfo&date=%3E%3D2018-03-05T23%3A02%3A45.000Z&date=%3C2018-09-06T01%3A02%3A45.000Z&_columns=date&_columns=product&_columns=version&_columns=build_id&_columns=platform&_columns=reason&_columns=address&_columns=install_time&_sort=-date&page=1#reports

Closing because no crash reported since 12 weeks.