I see this too, but when using the asian fonts (batang.ttc, gulim.ttc, mingliu.ttc, msgothic.ttc, msmincho.ttc and simsun.ttc) from microsoft. The 3511 other fonts installed on the system does not appear to trigger this bug.

The bug affects all pango using programs I've tested.

We cannot do much without having access to the fonts.

[...](In reply to comment #2)
> We cannot do much without having access to the fonts.
> 
$wget ftp://ftp.haansoftlinux.com/pub/haansoftlinux/OS/2005/Workstation/RPMS/hanyang-ttf-2.0-2hs.noarch.rpm

$rpm -ql hanyang-ttf* 
/usr/share/fonts/hanyang/Batang.ttf
/usr/share/fonts/hanyang/Batangche.ttf
/usr/share/fonts/hanyang/Dotum.ttf
/usr/share/fonts/hanyang/Dotumche.ttf
/usr/share/fonts/hanyang/Gulim.ttf
/usr/share/fonts/hanyang/Gulimche.ttf
[...]

this fonts have sbit (embedded bitmap truetype fonts) and are korean font.

Please see : https://bugs.freedesktop.org/show_bug.cgi?id=4705

Related this bug 341138 ? 

Using ttc (font collection) font, gtk2 program has many memory and cpu usage.

ftp://ftp.haansoftlinux.com/pub/haansoftlinux/OS/2005/Workstation/RPMS/hanyang-ttf-2.0-2hs.noarch.rpm
Sorry, this package doesn't have ttc font.

Wat are TTC fonts?

 http://sparcs.kaist.ac.kr/~pcpenpal/fonts/ has two ttc fonts  for test.
the fonts are batang.ttc and gulim.ttc.

(In reply to comment #6)
> Wat are TTC fonts?
> 

http://lists.freedesktop.org/archives/fontconfig/2003-November/000716.html
.ttc files are just files with multiple fonts; fontconfig has an FC_INDEX 
value which marks the font entry within a file.

Created attachment 66181 [details]
dmesg log

Comment on attachment 66181 [details]
dmesg log

Pango > 1.13.0 eats all memory in gentoo too with media-fonts/mikachan-font

Created attachment 66222 [details] [review]
use correct offset when loading opentype table

(In reply to comment #9)
> (From update of attachment 66181 [details] [edit])
> Pango > 1.13.0 eats all memory in gentoo too with media-fonts/mikachan-font
> 

The mikachan-font is also a truetype collection font, i.e with a suffix of ttc, isn't it? I believe the problem with ttc fonts is in the opentype table loading code. It incorrectly assumes that the table offset values are relative to each  individual font, but per opentype spec they are relative to the beginning of *font file*. As a result pango reads in some garbage when loading opentype table, most commonly GSUB, which in turn leads to bogus large size of table contents and quickly results in memory exhaustion. The attached one liner patch should fix it. 

Ok, cool.  I've written to David Turner to comment on the patch.

This is also a problem that HarfBuzz doesn't really validate the font...

you rocks, men! 
problem solved for me with the proposed patch applied against pango-1.13.1.

It was impossible for me to start X because i use mikachan as default font, now i'm happy with my full-updated gnome-2.15.2

(In reply to comment #12)

Here's the relevant text from opentype spec on microsoft's webpage. Note especially the last sentence.

<quote>
The TTC file must contain a complete Offset Table and Table Directory for each font. A TTC file Table Directory has exactly the same format as a TTF file Table Directory. The table offsets in all Table Directories within a TTC file are measured from the beginning of the TTC file.
</quote>

You can find this on this page, http://www.microsoft.com/typography/otspec/otff.htm
Scroll down, it's the second paragraph under the subsection "The TTC File Structure" in section "TrueType Collections".

Thanks.  Committed to HEAD, pango-1-12 branch, and HarfBuzz.

2006-05-31  Behdad Esfahbod  <behdad@gnome.org>

        Bug 341138 – Using TTC font, Gtk2 programs begin to eating big memory
        and have many cpu usage.
        Patch from Yong Li.

        * pango/opentype/ftglue.c (_hb_ftglue_face_goto_table): TrueType table
        offsets are absolute, not relative.