interesting libfreetype6 bug
For some time now, mozilla on my home machine got stuck for a long
time when visiting certain web pages such as slashdot. At first, I
assumed that it was a temporary mozilla glitch, but the problem
persisted even after upgrading to the same version of mozilla as the
one I was using at work, which didn't get stuck.
Last night, I hit a particularly bad case of this where mozilla was
stuck for perhaps 1+ minutes. So I ran q-syscollect on it to find
that it was spending all its time in a tight loop inside libfreetype.
The patch below fixes the problem for me. The problem was that
libfreetype was trying to scale a vector to length 1.0, but then
applied a correction loop which, due to an apparent typo, tried to
scale the vector down to 0.25. This could lead to underflows and
effectively the code would loop through every possible 64-bit value (more
or less). No wonder that took a while...
Anyhow, I reported the bug to devel@freetype.org (at least I think so;
the mailing list archive is broken for July and I have not received
any confirmation that my bug report has made it), but I thought I'd
also post it here in case others are seeing the same annoying
behavior. Note: the bug is definitely present in freetype-2.1.7 and
the CVS tree as of yesterday.
Cheers,
--david
--- freetype2/src/truetype/ttinterp.c-orig 2004-07-15 23:57:01.763595339 -0700
+++ freetype2/src/truetype/ttinterp.c 2004-07-15 23:57:27.806845483 -0700
@@ -2474,7 +2474,7 @@
W = Vx * Vx + Vy * Vy;
/* Now, we want that Sqrt( W ) = 0x4000 */
- /* Or 0x1000000 <= W < 0x1004000 */
+ /* Or 0x10000000 <= W < 0x10004000 */
if ( Vx < 0 )
{
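Review bot: comment-only hunk, and the corrected range 0x10000000 <= W < 0x10004000 does match the stated goal Sqrt( W ) = 0x4000 (0x4000 * 0x4000 = 0x10000000), but the same two literals are then spelled out again in the loop conditions of the next two hunks, which is exactly how the comment and the code drifted apart by one hex digit in the first place. Suggest defining them once, e.g. `#define W_UNIT_LO ( 0x4000L * 0x4000L )` and `#define W_UNIT_HI 0x10004000L`, and using the names in both the comment and the two `while` conditions so they cannot disagree again.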
@@ -2492,7 +2492,7 @@
else
S2 = FALSE;
- while ( W < 0x1000000L )
+ while ( W < 0x10000000L )
{
/* We need to increase W by a minimal amount */
if ( Vx < Vy )
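Review bot: the new lower bound 0x10000000L is the right one for the target stated in the comment above (0x4000 squared), and the old 0x1000000L was 0x1000 squared, i.e. this loop used to be satisfied with the vector at a quarter of the intended length. Worth noting that the `while` condition is this loop's only exit: the context lines show W being recomputed from Vx and Vy every pass with no iteration cap, so a wrong constant here turns a normalization into a hang, which is what the report describes. Consider a bounded iteration count, or at least an assertion that each pass actually moved W toward the bound, so the next slipped constant fails loudly instead of spinning.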
@@ -2503,7 +2503,7 @@
W = Vx * Vx + Vy * Vy;
}
- while ( W >= 0x1004000L )
+ while ( W >= 0x10004000L )
{
/* We need to decrease W by a minimal amount */
if ( Vx < Vy )
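Review bot: this is the hunk that actually caused the reported hang: with the old 0x1004000L, any vector anywhere near the intended length (W around 0x10000000) satisfied `W >= 0x1004000L` and entered the decrease loop. The new 0x10004000L agrees with the range in the first hunk's comment. One thing still worth a comment in the code: the exit test checks only the upper bound and nothing afterwards re-checks `W < 0x10000000L`, so if a single "minimal" decrement overshoots below the lower bound the vector is left slightly short. The two loops are sequential rather than nested, so they cannot ping-pong; that makes this a precision note rather than a termination problem.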
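To make the failure mode concrete, here is an added example (a reconstruction written for this review, not FreeType's code and not part of the patch or the post above): the two correction loops from the hunks, parameterized on the bounds, so the pre-patch and patched constants can be run against the same input. Everything outside the visible hunk lines is an assumption: the loop bodies (nudge the smaller coordinate by one unit, the "minimal amount" the comments mention), the use of 64-bit integers, the constructed input vectors, and the iteration cap that stands in for the hang.

```c
#include <stdio.h>

/* 1.0 in 2.14 fixed point; a unit vector has W = Vx*Vx + Vy*Vy = 0x4000*0x4000. */
#define ONE_2DOT14   0x4000LL

/* Bounds from the patched ('+') lines. */
#define FIXED_LO     0x10000000LL
#define FIXED_HI     0x10004000LL
/* Bounds from the pre-patch ('-') lines: 0x1000*0x1000, a quarter of the length. */
#define BUGGY_LO     0x1000000LL
#define BUGGY_HI     0x1004000LL

/* Assumption, not in the original: a cap standing in for "stuck for minutes". */
#define STEP_CAP     200000LL

typedef struct {
    long long vx, vy;   /* coordinate magnitudes after correction */
    long long w;        /* final squared length */
    long long steps;    /* loop iterations taken */
    int       capped;   /* 1 if STEP_CAP fired, i.e. the loops would not terminate */
} norm_result;

/* Sanity check for any candidate pair of bounds: the squared unit
   length must fall inside the half-open window [lo, hi). */
int bounds_bracket_unit(long long lo, long long hi)
{
    long long unit_sq = ONE_2DOT14 * ONE_2DOT14;
    return lo <= unit_sq && unit_sq < hi;
}

/* The two correction loops with the bounds passed in. Loop bodies are an
   assumption: adjust the smaller coordinate by one unit, which changes W by
   the least possible amount. vx, vy are magnitudes (signs handled elsewhere). */
norm_result correct_length(long long vx, long long vy, long long lo, long long hi)
{
    norm_result r = { vx, vy, 0, 0, 0 };
    r.w = r.vx * r.vx + r.vy * r.vy;

    while ( r.w < lo )              /* increase W by a minimal amount */
    {
        if ( r.steps++ >= STEP_CAP ) { r.capped = 1; return r; }
        if ( r.vx < r.vy ) r.vx++; else r.vy++;
        r.w = r.vx * r.vx + r.vy * r.vy;
    }
    while ( r.w >= hi )             /* decrease W by a minimal amount */
    {
        if ( r.steps++ >= STEP_CAP ) { r.capped = 1; return r; }
        if ( r.vx < r.vy ) r.vx--; else r.vy--;
        r.w = r.vx * r.vx + r.vy * r.vy;
    }
    return r;
}

static void report(const char *label, norm_result r)
{
    printf("%-22s vx=%lld vy=%lld W=0x%llx steps=%lld%s\n", label,
           r.vx, r.vy, r.w, r.steps, r.capped ? "  (CAPPED: would hang)" : "");
}

int main(void)
{
    /* Constructed inputs: an exact unit vector and a slightly short diagonal. */
    printf("fixed bounds bracket unit length: %d\n", bounds_bracket_unit(FIXED_LO, FIXED_HI));
    printf("buggy bounds bracket unit length: %d\n", bounds_bracket_unit(BUGGY_LO, BUGGY_HI));
    report("fixed, (0,0x4000)",      correct_length(0, 0x4000, FIXED_LO, FIXED_HI));
    report("buggy, (0,0x4000)",      correct_length(0, 0x4000, BUGGY_LO, BUGGY_HI));
    report("fixed, (0x2D41,0x2D41)", correct_length(0x2D41, 0x2D41, FIXED_LO, FIXED_HI));
    report("buggy, (0x2D41,0x2D41)", correct_length(0x2D41, 0x2D41, BUGGY_LO, BUGGY_HI));
    return 0;
}
```

With the patched bounds the unit vector (0, 0x4000) needs no adjustment and the short diagonal is fixed in one step. With the pre-patch bounds the decrease loop always runs, decrements the smaller coordinate past zero, and W then grows instead of shrinking, so only the cap stops it; without the cap that is the tight loop the report saw. `bounds_bracket_unit()` is the one-line check a reviewer can apply to any such pair of constants before accepting them.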