Bug 149008 - meteomedia.com hangs in private browsing mode when trying to use DOMStorage
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: Other
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
URL: http://www.meteomedia.com/meteo/canad...
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2015-09-09 13:46 PDT by Florian Bruhin
Modified: 2015-09-09 23:00 PDT

Description Florian Bruhin 2015-09-09 13:46:24 PDT
When visiting http://www.meteomedia.com/meteo/canada/alberta/calgary and private browsing mode is turned on, I get a hang with different stacktraces:

    #0  0x00007f1fce550e9f in pthread_getspecific ()
       from /usr/lib/libpthread.so.0
    #1  0x00007f1fcefbc87f in WTF::fastRealloc(void*, unsigned long) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #2  0x00007f1fcefe883b in WTF::StringImpl::reallocate(WTF::PassRefPtr<WTF::StringImpl>, unsigned int, unsigned char*&) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #3  0x00007f1fcefe1760 in void WTF::StringBuilder::reallocateBuffer<unsigned char>(unsigned int) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #4  0x00007f1fcefe1b5e in WTF::StringBuilder::append(unsigned char const*, unsigned int) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #5  0x00007f1fced1bf4d in JSC::StackFrame::toString(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #6  0x00007f1fced1c2b5 in JSC::Interpreter::stackTraceAsString(JSC::ExecState*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #7  0x00007f1fceea2e52 in JSC::VM::throwException(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    ...

    #0  0x00007f1fcee9f395 in JSC::JSFunction::name(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #1  0x00007f1fcee9f747 in JSC::JSFunction::calculatedDisplayName(JSC::ExecState*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #2  0x00007f1fcee9f8b0 in JSC::getCalculatedDisplayName(JSC::ExecState*, JSC::JSObject*) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #3  0x00007f1fced1bc99 in JSC::StackFrame::toString(JSC::ExecState*) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #4  0x00007f1fced1c2b5 in JSC::Interpreter::stackTraceAsString(JSC::ExecState*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>) ()
       from /usr/lib/libjavascriptcoregtk-1.0.so.0
    #5  0x00007f1fceea2e52 in JSC::VM::throwException(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libjavascriptcoregtk-1.0.so.0
    ...

    (with QtWebKit):

    #0  0x00007ffff57682c8 in JSC::Interpreter::getStackTrace(JSC::VM*, WTF::Vector<JSC::StackFrame, 0ul, WTF::CrashOnOverflow>&, unsigned long) () from /usr/lib/libQt5WebKit.so.5
    #1  0x00007ffff57688da in ?? () from /usr/lib/libQt5WebKit.so.5
    #2  0x00007ffff5893741 in JSC::throwError(JSC::ExecState*, JSC::JSValue) () from /usr/lib/libQt5WebKit.so.5
    ...

This only seems to happen in private browsing mode, and is triggered after a few seconds of scrolling and window resizing.

I can reproduce this with Midori - version information:

    Version numbers in brackets show the version used at runtime.

    Command line midori
    Midori 0.5.10 ((null)) Midori
    GTK+ 2.24.27 (2.24.28)	Glib 2.44.0 (2.44.1)
    WebKitGTK+ 2.4.8 (2.4.9)	libSoup 2.50.0
    cairo 1.14.2 (1.14.2)	libnotify No
    gcr 3.15.92	granite No

I unfortunately can't easily test with a nightly build right now (sorry!) - but let me know if this can't be reproduced, then I'll continue to investigate.
Comment 1 Alexey Proskuryakov 2015-09-09 23:00:03 PDT
I can reproduce with Safari 8 on Mac.

This happens because the web site tries to use either localStorage or sessionStorage (I didn't check which one), and gets into an infinite loop as that raises an exception.

We should probably stop raising exceptions, and provide a fake non-persistent storage when in private browsing.

rdar://problem/16684636
rdar://problem/19197190
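
The failure mode described in Comment 1, seen from the page author's side, as an added example that is not part of the original bug thread and is not WebKit or site code: a single write probe that falls back to a non-persistent in-memory store, next to a bounded version of a retry loop that would never exit if left unbounded. The throwing storage stub, the retry loop's shape, and all function names are assumptions constructed for illustration.

```javascript
// Constructed stand-in for a DOMStorage object whose writes raise an
// exception, as Comment 1 describes for private browsing.
function makeThrowingStorage() {
  return {
    getItem() { return null; },
    setItem() { throw new Error("storage unavailable (constructed)"); },
    removeItem() {},
  };
}

// Non-persistent fallback exposing the same getItem/setItem/removeItem surface.
function makeMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(String(k)) ? data.get(String(k)) : null),
    setItem: (k, v) => { data.set(String(k), String(v)); },
    removeItem: (k) => { data.delete(String(k)); },
  };
}

// Probe once with a write/read/remove round trip; never retry on failure.
function pickStorage(candidate) {
  const probe = "__storage_probe__";
  try {
    candidate.setItem(probe, "1");
    const ok = candidate.getItem(probe) === "1";
    candidate.removeItem(probe);
    if (ok) return { storage: candidate, persistent: true };
  } catch (e) {
    // Writes are refused: fall through to the in-memory store.
  }
  return { storage: makeMemoryStorage(), persistent: false };
}

// Hypothetical shape of the hang: retrying a write that always throws.
// Bounded by maxAttempts here so that the example terminates.
function retryUntilStored(storage, key, value, maxAttempts) {
  let attempts = 0;
  while (attempts < maxAttempts) {
    attempts++;
    try {
      storage.setItem(key, value);
      return { stored: true, attempts };
    } catch (e) { /* without a bound, this loop never exits */ }
  }
  return { stored: false, attempts };
}
```

In a page, the candidate would be `window.localStorage` or `window.sessionStorage`; reading that property can itself throw in some browser configurations, so do the property access inside a try block as well.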