Bug 66658 - xfs security issue with large fonts
Summary: xfs security issue with large fonts
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: XFree86 (Show other bugs)
(Show other bugs)
Version: 1.0
Hardware: i386 Linux
Target Milestone: ---
Assignee: Mike A. Harris
QA Contact: David Lawrence
URL: http://theregister.co.uk/content/55/2...
Keywords: Security
: 74228 74297 (view as bug list)
Depends On:
Blocks: 67218
TreeView+ depends on / blocked
Reported: 2002-06-13 05:54 UTC by Bojan Smojver
Modified: 2007-04-18 16:43 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-04-20 12:45:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Bojan Smojver 2002-06-13 05:54:13 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.0 (X11; Linux i686; U;) Gecko/20020501

Description of problem:
xfs consumes excessive amounts of memory when large fonts are used. The problem
manifests itself when using Mozilla 0.9.9 on XFree86-4.2.0. The URL to use is
this: http://www.adeliesolutions.com/Projects/

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Open Mozilla
2. Go to: http://www.adeliesolutions.com/Projects/

Actual Results:  System becomes non-responsive and xfs crashes.

Expected Results:  xfs should know about cheap tricks like this.

Additional info:

Unfortunately, the problem leaked into public before it had a chance to be
fixed, thanks to some irresponsible people at Register. See:

Comment 1 Mike A. Harris 2002-06-22 08:45:54 UTC
I've been investigating this issue since the problem was first discovered.
Unfortunately there currently is no fix available, and properly fixing it
seems to be a non-trivial amount of work.  The upstream maintainer of
the code in question does not plan on fixing the code, which leaves things
in a very sticky situation for the time being.

We'll be tracking this issue closely, and working along with other distribution
and OS vendors to hopefully come up with a solution as soon as possible.

Comment 2 Craig Kelley 2002-08-26 20:18:07 UTC
I get a "connection refused" when I visit this URL, so I cannot verify the
problem; but I seem to be having this same problem when I load a very complex
web page.  XFS seems to use up 100% of the system, and xmms starts skipping
(this is an Athlon XP1700 with 512MB of RAM) and the whole computer is
unresponsive for seconds on end.  It eventually recovers, but it is annoying.

Comment 3 Mike A. Harris 2002-09-01 23:45:56 UTC
Fixing this problem is currently very complex and requires a lot
of effort.  The XFree86 team does not plan on resolving this issue
for current releases, and is instead removing the faulty codepaths
and using entirely new code in XFree86 4.3.0.

I'm not sure how we'll handle this issue for 4.2.0, so I'm defering
this for the future.  In the interim, if any public solution surfaces,
we will investigate it and consider releasing erratum.

Comment 4 Mike A. Harris 2002-11-03 09:12:05 UTC
*** Bug 74297 has been marked as a duplicate of this bug. ***

Comment 5 Mike A. Harris 2002-11-03 09:12:50 UTC
*** Bug 74228 has been marked as a duplicate of this bug. ***

Comment 6 Mike A. Harris 2005-04-20 12:45:47 UTC
Since this bugzilla report was filed, there have been several major
updates to the X Window System, which may resolve this issue.  Users
who have experienced this problem are encouraged to upgrade to the
latest version of Fedora Core, which can be obtained from:


If this issue turns out to still be reproduceable in the latest
version of Fedora Core, please file a bug report in the X.Org
bugzilla located at http://bugs.freedesktop.org in the "xorg"

Once you've filed your bug report to X.Org, if you paste the new
bug URL here, Red Hat will continue to track the issue in the
centralized X.Org bug tracker, and will review any bug fixes that
become available for consideration in future updates.

Setting status to "CURRENTRELEASE".

Note You need to log in before you can comment on or make changes to this bug.