Bug 149008

Summary: meteomedia.com hangs in private browsing mode when trying to use DOMStorage
Product: WebKit Reporter: Florian Bruhin <webkit.org>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: andersca, ap, beidson, sam
Priority: P2 Keywords: InRadar
Version: Other   
Hardware: All   
OS: All   
URL: http://www.meteomedia.com/meteo/canada/alberta/calgary

Description Florian Bruhin 2015-09-09 13:46:24 PDT 
When visiting http://www.meteomedia.com/meteo/canada/alberta/calgary and private browsing mode is turned on, I get a hang with different stacktraces:

    #0  0x00007f1fce550e9f in pthread_getspecific ()
       from /usr/lib/libpthread.so.0
    #1  0x00007f1fcefbc87f in WTF::fastRealloc(void*, unsigned long) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #2  0x00007f1fcefe883b in WTF::StringImpl::reallocate(WTF::PassRefPtr<WTF::StringImpl>, unsigned int, unsigned char*&) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #3  0x00007f1fcefe1760 in void WTF::StringBuilder::reallocateBuffer<unsigned char>(unsigned int) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #4  0x00007f1fcefe1b5e in WTF::StringBuilder::append(unsigned char const*, unsigned int) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #5  0x00007f1fced1bf4d in JSC::StackFrame::toString(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #6  0x00007f1fced1c2b5 in JSC::Interpreter::stackTraceAsString(JSC::ExecState*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #7  0x00007f1fceea2e52 in JSC::VM::throwException(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    ...

    #0  0x00007f1fcee9f395 in JSC::JSFunction::name(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #1  0x00007f1fcee9f747 in JSC::JSFunction::calculatedDisplayName(JSC::ExecState*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #2  0x00007f1fcee9f8b0 in JSC::getCalculatedDisplayName(JSC::ExecState*, JSC::JSObject*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #3  0x00007f1fced1bc99 in JSC::StackFrame::toString(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #4  0x00007f1fced1c2b5 in JSC::Interpreter::stackTraceAsString(JSC::ExecState*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #5  0x00007f1fceea2e52 in JSC::VM::throwException(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    ...

    (with QtWebKit):

    #0  0x00007ffff57682c8 in JSC::Interpreter::getStackTrace(JSC::VM*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>&, unsigned long) () from /usr/lib/libQt5WebKit.so.5
    #1  0x00007ffff57688da in ?? () from /usr/lib/libQt5WebKit.so.5
    #2  0x00007ffff5893741 in JSC::throwError(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libQt5WebKit.so.5
    ...

This only seems to happen in private browsing mode, and is triggered after a few seconds of scrolling and window resizing.

I can reproduce this with Midori - version information:

    Version numbers in brackets show the version used at runtime.

    Command line midori
    Midori 0.5.10 ((null)) Midori
    GTK+ 2.24.27 (2.24.28)	Glib 2.44.0 (2.44.1)
    WebKitGTK+ 2.4.8 (2.4.9)	libSoup 2.50.0
    cairo 1.14.2 (1.14.2)	libnotify No
    gcr 3.15.92	granite No

I unfortunately can't easily test with a nightly build right now (sorry!) - but let me know if this can't be reproduced, then I'll continue to investigate.
Comment 1 Alexey Proskuryakov 2015-09-09 23:00:03 PDT 
I can reproduce with Safari 8 on Mac.

This happens because the web site tries to use either localStorage or sessionStorage (I didn't check which one), and gets into an infinite loop as that raises an exception.

We should probably stop raising exceptions, and provide a fake non-persistent storage when in private browsing.

rdar://problem/16684636
rdar://problem/19197190