oss-sec mailing list archives
Re: Is not memory allocation failure a bug?
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 8 Jun 2017 15:54:27 -0600
On 2017-06-08 3:04 PM, Glenn Randers-Pehrson wrote:
I just checked a fix for one of those into Firefox yesterday. It wasn't considered a serious problem because the malloc would eventually fail safely, but it's better to predict the problem ahead of time and not even try to malloc all available memory. See https://bugzilla.mozilla.org/show_bug.cgi?id=1368407 in which a tiny PNG file tries to claim Gigabytes of memory.
Ok so I tested it, no crash/huge memory thing, but the CPU got maxed and even when I closed the tab for the image Firefox kept eating CPU, I wasn't able to close Firefox, had to use the kill command (which worked fine) so this clearly falls into the DoS camp and may need a CVE, has Mozilla commented on why they have elected to NOT give it a CVE? -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 Red Hat Product Security contact: secalert () redhat com
Current thread:
- Is not memory allocation failure a bug? Qhdwns123 (Jun 08)
- Re: Is not memory allocation failure a bug? Marcus Meissner (Jun 08)
- Re: Is not memory allocation failure a bug? Bob Friesenhahn (Jun 08)
- Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)
- Re: Is not memory allocation failure a bug? Kurt Seifried (Jun 08)
- Re: Is not memory allocation failure a bug? Glenn Randers-Pehrson (Jun 08)