[Webkit-unassigned] [Bug 23840] New: Loading kcrw.com make Safari use 100% CPU and hang
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Feb 8 23:45:03 PST 2009
https://bugs.webkit.org/show_bug.cgi?id=23840
Summary: Loading kcrw.com make Safari use 100% CPU and hang
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
URL: http://www.kcrw.com/
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: opendarwin at lapcatsoftware.com
Configuration
Test machines: Intel Core 2 Duo MacBook Pro, Intel Core Duo iMac
Operating System: Mac OS X 10.5.6
WebKit versions: svn revision 40743 and Safari Version 3.2.1 (5525.27.1)
Steps to reproduce
1. Launch Safari.
2. Select "Security" tab in Preferences window.
3. Set "Accept cookies" to "Never".
4. Check "Enable JavaScript".
5. Close Preferences window.
6. Load http://www.kcrw.com/
Expected results
The page finishes loading quickly.
Actual results
The page never finishes loading completely. Safari starts to have high CPU
usage, near 100%, and Safari eventually pinwheels.
Regression
The bug also occurs when cookie preferences are set to "Only from sites you
navigate to". It does not occur when cookie preferences are set to "Always".
Notes
I emailed a gdb backtrace and a sample to Mark Rowe. I'm not attaching them
here, because the files are very large. The sample was 229MB, compressed to
1.3MB! Mark can attach them to the bug if he likes.
I believe that the problematic code in the page source is the following:
<script language="JavaScript">
document.write('<SCRIPT LANGUAGE="JavaScript1.1"
SRC="http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord='
+ ord + '?" ><\/SCRIPT>');
</script>
<script>
if ((!document.images && navigator.userAgent.indexOf("Mozilla/2.") >= 0) ||
navigator.userAgent.indexOf("WebTV")>= 0) {
document.write('<A
HREF="http://ad.doubleclick.net/jump/c.site147.tmus/KCRW_Home_page;sz=160x600;ord='
+ ord + '?" TARGET="_blank">');
document.write('<IMG
SRC="http://ad.doubleclick.net/ad/c.site147.tmus/KCRW_Home_page;sz=160x600;ord='
+ ord + '?" WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>');
}
</script>
If you stick in a random number and download for example
http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=123456789?
you get this:
document.write('<IFRAME
SRC=\"http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518\"
WIDTH=160 HEIGHT=600 NORESIZE SCROLLING=NO FRAMEBORDER=0 MARGINWIDTH=0
MARGINHEIGHT=0></IFRAME>');
The URL
http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518
seems to be the real problem. Indeed, you can get high CPU usage from Safari by
just loading that page, or some random number variant of it. The source of that
page is the following:
<script language="JavaScript">
document.write('<SCRIPT LANGUAGE="JavaScript1.1"
SRC="http://ad.doubleclick.net/adj/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"><\/SCRIPT>');
</script>
<script>
if((!document.images &&
navigator.userAgent.indexOf("Mozilla/2.")>=0)||navigator.userAgent.indexOf("WebTV")>=0){
document.write('<A
HREF="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"
TARGET="_blank">');
document.write('<IMG
SRC="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"
WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>');
}
</script>
<noscript>
<a
href="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"
target="_blank"><img
src="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"
width="160" height="600" border="0" alt=""/></a>
So what appears to be happening is that there's some kind of infinite loop,
because it tries to set a cookie, that fails, the desired image is not yet
displayed in the page, and so it keeps trying over and over again.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list