Red Hat Bugzilla – Bug 66658
xfs security issue with large fonts
Last modified: 2007-04-18 12:43:09 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020501 Description of problem: xfs consumes excessive amounts of memory when large fonts are used. The problem manifests itself when using Mozilla 0.9.9 on XFree86-4.2.0. The URL to use is this: http://www.adeliesolutions.com/Projects/ Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Open Mozilla 2. Go to: http://www.adeliesolutions.com/Projects/ Actual Results: System becomes non-responsive and xfs crashes. Expected Results: xfs should know about cheap tricks like this. Additional info: Unfortunately, the problem leaked into public before it had a chance to be fixed, thanks to some irresponsible people at Register. See: http://theregister.co.uk/content/55/25689.html
I've been investigating this issue since the problem was first discovered. Unfortunately there currently is no fix available, and properly fixing it seems to be a non-trivial amount of work. The upstream maintainer of the code in question does not plan on fixing the code, which leaves things in a very sticky situation for the time being. We'll be tracking this issue closely, and working along with other distribution and OS vendors to hopefully come up with a solution as soon as possible.
I get a "connection refused" when I visit this URL, so I cannot verify the problem; but I seem to be having this same problem when I load a very complex web page. XFS seems to use up 100% of the system, and xmms starts skipping (this is an Athlon XP1700 with 512MB of RAM) and the whole computer is unresponsive for seconds on end. It eventually recovers, but it is annoying.
Fixing this problem is currently very complex and requires a lot of effort. The XFree86 team does not plan on resolving this issue for current releases, and is instead removing the faulty codepaths and using entirely new code in XFree86 4.3.0. I'm not sure how we'll handle this issue for 4.2.0, so I'm defering this for the future. In the interim, if any public solution surfaces, we will investigate it and consider releasing erratum.
*** Bug 74297 has been marked as a duplicate of this bug. ***
*** Bug 74228 has been marked as a duplicate of this bug. ***
Since this bugzilla report was filed, there have been several major updates to the X Window System, which may resolve this issue. Users who have experienced this problem are encouraged to upgrade to the latest version of Fedora Core, which can be obtained from: http://fedora.redhat.com/download If this issue turns out to still be reproduceable in the latest version of Fedora Core, please file a bug report in the X.Org bugzilla located at http://bugs.freedesktop.org in the "xorg" component. Once you've filed your bug report to X.Org, if you paste the new bug URL here, Red Hat will continue to track the issue in the centralized X.Org bug tracker, and will review any bug fixes that become available for consideration in future updates. Setting status to "CURRENTRELEASE".