diff -Naur a/mozilla/nsprpub/lib/ds/plarena.c b/mozilla/nsprpub/lib/ds/plarena.c
--- a/mozilla/nsprpub/lib/ds/plarena.c	2011-02-05 05:14:07.000000000 +0100
+++ b/mozilla/nsprpub/lib/ds/plarena.c	2013-12-17 10:55:49.543183512 +0100
@@ -221,8 +221,12 @@
     /* attempt to allocate from the heap */ 
     {  
         PRUint32 sz = PR_MAX(pool->arenasize, nb);
-        sz += sizeof *a + pool->mask;  /* header and alignment slop */
-        a = (PLArena*)PR_MALLOC(sz);
+        if (PR_UINT32_MAX - sz < sizeof *a + pool->mask) {
+            a = NULL;
+        } else {
+            sz += sizeof *a + pool->mask; /* header and alignment slop */
+            a = (PLArena*)PR_MALLOC(sz);
+        }
         if ( NULL != a )  {
             a->limit = (PRUword)a + sz;
             a->base = a->avail = (PRUword)PL_ARENA_ALIGN(pool, a + 1);