Bug 23840

Configuration Test machines: Intel Core 2 Duo MacBook Pro, Intel Core Duo iMac Operating System: Mac OS X 10.5.6 WebKit versions: svn revision 40743 and Safari Version 3.2.1 (5525.27.1) Steps to reproduce 1. Launch Safari. 2. Select "Security" tab in Preferences window. 3. Set "Accept cookies" to "Never". 4. Check "Enable JavaScript". 5. Close Preferences window. 6. Load http://www.kcrw.com/ Expected results The page finishes loading quickly. Actual results The page never finishes loading completely. Safari starts to have high CPU usage, near 100%, and Safari eventually pinwheels. Regression The bug also occurs when cookie preferences are set to "Only from sites you navigate to". It does not occur when cookie preferences are set to "Always". Notes I emailed a gdb backtrace and a sample to Mark Rowe. I'm not attaching them here, because the files are very large. The sample was 229MB, compressed to 1.3MB! Mark can attach them to the bug if he likes. I believe that the problematic code in the page source is the following: <script language="JavaScript"> document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" ><\/SCRIPT>'); </script> <script> if ((!document.images && navigator.userAgent.indexOf("Mozilla/2.") >= 0) || navigator.userAgent.indexOf("WebTV")>= 0) { document.write('<A HREF="http://ad.doubleclick.net/jump/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" TARGET="_blank">'); document.write('<IMG SRC="http://ad.doubleclick.net/ad/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>'); } </script> If you stick in a random number and download for example http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=123456789? you get this: document.write('<IFRAME SRC=\"http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518\" WIDTH=160 HEIGHT=600 NORESIZE SCROLLING=NO FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0></IFRAME>'); The URL http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518 seems to be the real problem. Indeed, you can get high CPU usage from Safari by just loading that page, or some random number variant of it. The source of that page is the following: <script language="JavaScript"> document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ad.doubleclick.net/adj/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"><\/SCRIPT>'); </script> <script> if((!document.images && navigator.userAgent.indexOf("Mozilla/2.")>=0)||navigator.userAgent.indexOf("WebTV")>=0){ document.write('<A HREF="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" TARGET="_blank">'); document.write('<IMG SRC="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>'); } </script> <noscript> <a href="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" target="_blank"><img src="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" width="160" height="600" border="0" alt=""/></a> So what appears to be happening is that there's some kind of infinite loop, because it tries to set a cookie, that fails, the desired image is not yet displayed in the page, and so it keeps trying over and over again.