Bug 35052

Summary: 100% CPU usage in XftCharIndex
Product: xorg
Reporter: Joachim Breitner <mail>
Component: Lib/Xft
Assignee: Xorg Project Team <xorg-team>
Status: RESOLVED INVALID
QA Contact: Xorg Project Team <xorg-team>
Severity: critical
Priority: high
Keywords: love
Version: unspecified
Hardware: Other
OS: All
Whiteboard: 2011BRB_Reviewed
i915 platform:
i915 features:

Description Joachim Breitner 2011-03-05 22:06:25 UTC
As reported on http://bugs.debian.org/505482 using gnome-font-viewer on a certain ttf file causes the program to spin indefinitely with 100% CPU usage. 

The backtrace is
(gdb) bt
#0  0x00007fa218b51cff in XftCharIndex () from /usr/lib/libXft.so.2
#1  0x00007fa218b4f97a in XftTextExtentsUtf8 () from /usr/lib/libXft.so.2
#2  0x0000000000403484 in create_text_pixmap (drawing_area=0x268b960, 
    face=0x2426d60) at font-view.c:169
#3  0x00000000004045c6 in main (argc=2, argv=0x7fff20f73828)
    at font-view.c:473


The file in question can be downloaded from
http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=Untitled1.ttf;att=1;bug=505482

The file is probably broken or otherwise strange, so the severity is low, but the library should nevertheless handle it more gracefully.

Comment 1 Jeremy Huddleston Sequoia 2011-10-06 11:30:45 UTC
Yeah, it looks like XftCharIndex does not handle errors well.  We're stuck 
inside:

    while (font->hash_table[ent].ucs4 != ucs4)
    {
        if (font->hash_table[ent].ucs4 == (FcChar32) ~0)
        {
            if (!XftCharExists (dpy, pub, ucs4))
                return 0;
            face  = XftLockFace (pub);
            if (!face)
                return 0;
            font->hash_table[ent].ucs4 = ucs4;
            font->hash_table[ent].glyph = FcFreeTypeCharIndex (face, ucs4);
            XftUnlockFace (pub);
            break;
        }
        if (!offset)
        {
            offset = ucs4 % font->rehash_value;
            if (!offset)
                offset = 1;
        }
        ent = ent + offset;
        if (ent >= font->hash_value)
            ent -= font->hash_value;
    }
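
The loop quoted in Comment 1 exits only when its probe sequence reaches a slot holding ucs4 or the ~0 marker. The following is an added example, not libXft code and not part of the comment: a stand-alone model of the same probe sequence with a step cap, run on constructed tables. The struct definitions, the name probe_bounded and the starting slot ucs4 % hash_value are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

#define EMPTY ((uint32_t) ~0u)  /* unused-slot marker, as in the quoted loop */

/* Hypothetical model of the glyph cache; field names follow the quoted loop. */
struct slot  { uint32_t ucs4, glyph; };
struct cache { struct slot *hash_table; uint32_t hash_value, rehash_value; };

/*
 * Same probe sequence as the quoted loop, capped at hash_value steps.
 * Returns the index of the slot holding ucs4, or of the first empty slot on
 * the probe path, or -1 where the uncapped loop would never exit.
 */
long probe_bounded(const struct cache *c, uint32_t ucs4)
{
    uint32_t ent, offset = 0, steps;

    /* Reject sizes that would divide by zero or step outside the table. */
    if (!c->hash_value || !c->rehash_value || c->rehash_value > c->hash_value)
        return -1;
    ent = ucs4 % c->hash_value;  /* assumed starting slot (not shown on the page) */
    for (steps = 0; steps < c->hash_value; steps++) {
        if (c->hash_table[ent].ucs4 == ucs4 || c->hash_table[ent].ucs4 == EMPTY)
            return (long) ent;
        if (!offset) {
            offset = ucs4 % c->rehash_value;
            if (!offset)
                offset = 1;
        }
        /* Wrap in 64 bits so very large table sizes cannot overflow the index. */
        ent = (uint32_t) (((uint64_t) ent + offset) % c->hash_value);
    }
    return -1;
}

int main(void)
{
    /* Constructed data: slots 1 and 3 are free, but key 6 only visits 2 and 0. */
    struct slot cyc[4] = { {20, 1}, {EMPTY, 0}, {21, 1}, {EMPTY, 0} };
    struct cache c = { cyc, 4, 4 };

    printf("probe for 6 -> %ld\n", probe_bounded(&c, 6));
    return 0;
}
```

A caller would treat -1 the same way the quoted loop treats a missing character and return glyph 0.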

Comment 2 Adam Jackson 2018-06-12 19:06:16 UTC
Mass closure: This bug has been untouched for more than six years, and is not
obviously still valid. Please reopen this bug or file a new report if you continue to experience issues with current releases.
