Found this from a long time ago; it was created for FF17 and reported. I don't think it ever got fixed properly.
Severity: normal → critical
Component: General → General
OS: Linux → All
Product: Firefox → Core
Hardware: x86_64 → All
Version: 27 Branch → Trunk
It looks like the test case is just doubling the size of a buffer. On OSX, it just ends up hanging the browser. Are you seeing a crash on some other OS, like maybe Win32? What is the crash id (this will show up in about:crashes)?
I'll throw this in JS for now...
On Win64 I was only able to reproduce the hang with current Nightly (64-bit). It seems that 32-bit versions (25.0.1 port, 26, 27, 28) and Waterfox 24 are not affected, but have a high memory usage. I tested on Opera Next and IE11 as well; the result was a site crash, and IE also hangs. Firefox 25.0.1 in my Win8.1 (32-bit) VM crashes immediately: https://crash-stats.mozilla.com/report/index/123250cf-c4d4-43ba-95ed-9261c2140108 Firefox 26 and Aurora 27/28 hang or freeze with high memory and CPU usage. So I think this bug is very critical for 32-bit systems, especially on Firefox ESR.
The test case is just repeatedly doubling the size of the buffer, and eventually the browser safely hits an OOM crash, which is what the mozalloc_abort is. I don't see any evidence of memory corruption.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: causes crash maybe more → exponential string growth causes an OOM
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 896165