Bug 23840 - Loading kcrw.com makes Safari use 100% CPU and hang
Summary: Loading kcrw.com makes Safari use 100% CPU and hang
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL: http://www.kcrw.com/
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2009-02-08 23:45 PST by Jeff Johnson
Modified: 2022-02-10 21:03 PST
Attachments
Page source of http://www.kcrw.com/ (65.81 KB, text/html)
2009-02-08 23:49 PST, Jeff Johnson
Description Jeff Johnson 2009-02-08 23:45:02 PST
Configuration
Test machines: Intel Core 2 Duo MacBook Pro, Intel Core Duo iMac
Operating System: Mac OS X 10.5.6
WebKit versions: svn revision 40743 and Safari Version 3.2.1 (5525.27.1)


Steps to reproduce
1. Launch Safari.
2. Select "Security" tab in Preferences window.
3. Set "Accept cookies" to "Never".
4. Check "Enable JavaScript".
5. Close Preferences window.
6. Load http://www.kcrw.com/


Expected results
The page finishes loading quickly.


Actual results
The page never finishes loading completely. Safari starts to have high CPU usage, near 100%, and Safari eventually pinwheels.


Regression
The bug also occurs when cookie preferences are set to "Only from sites you navigate to". It does not occur when cookie preferences are set to "Always".

Notes
I emailed a gdb backtrace and a sample to Mark Rowe. I'm not attaching them here, because the files are very large. The sample was 229MB, compressed to 1.3MB! Mark can attach them to the bug if he likes.

I believe that the problematic code in the page source is the following:

<script language="JavaScript">

document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" ><\/SCRIPT>');

</script>
<script>

if ((!document.images && navigator.userAgent.indexOf("Mozilla/2.") >= 0)  || navigator.userAgent.indexOf("WebTV")>= 0) {

document.write('<A HREF="http://ad.doubleclick.net/jump/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" TARGET="_blank">');

document.write('<IMG SRC="http://ad.doubleclick.net/ad/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=' + ord + '?" WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>');

}
</script>

If you stick in a random number and download for example http://ad.doubleclick.net/adj/c.site147.tmus/KCRW_Home_page;sz=160x600;ord=123456789? you get this:

document.write('<IFRAME SRC=\"http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518\" WIDTH=160 HEIGHT=600 NORESIZE SCROLLING=NO FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0></IFRAME>');

The URL http://u.npr.org/hserver/site=NETWORK/station=KCRW/vertical=MUSIC/utype=BANNER/aamsz=160x600/ACC_RANDOM=2667518 seems to be the real problem. Indeed, you can get high CPU usage from Safari by just loading that page, or some random number variant of it. The source of that page is the following:

<script language="JavaScript">
document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ad.doubleclick.net/adj/c.site147.tmus/nopassback;sz=160x600;ord=2667518?"><\/SCRIPT>');
</script>
<script>
if((!document.images && navigator.userAgent.indexOf("Mozilla/2.")>=0)||navigator.userAgent.indexOf("WebTV")>=0){
document.write('<A HREF="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" TARGET="_blank">');
document.write('<IMG SRC="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" WIDTH="160" HEIGHT="600" BORDER="0" ALT="" \/><\/A>');
}
</script>
<noscript>
<a href="http://ad.doubleclick.net/jump/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" target="_blank"><img src="http://ad.doubleclick.net/ad/c.site147.tmus/nopassback;sz=160x600;ord=2667518?" width="160" height="600" border="0" alt=""/></a>

So what appears to be happening is that there's some kind of infinite loop, because it tries to set a cookie, that fails, the desired image is not yet displayed in the page, and so it keeps trying over and over again.
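
Added example (not part of the original report and not WebKit or ad-server code): a static walker that follows SCRIPT and IFRAME sources injected through document.write, as in the snippets above, and reports a chain that returns to a URL it has already visited once the cache-busting numbers are ignored. The hosts, the helper names and the response table are constructed; the third response is an assumption that models the reporter's hypothesis, since the report does not show what the nopassback URL returns.

```javascript
// Added example, not code from the bug report. Hosts and helper names are hypothetical.
// Strip the cache-busting numbers (ord=, ACC_RANDOM=) so repeat visits compare equal.
function normalize(url) {
  return url.replace(/\b(ord|ACC_RANDOM)=\d+/gi, '$1=N');
}

// URLs a response would load as a SCRIPT or IFRAME, whether the tag appears in
// plain markup or inside a document.write() string (\" and bare quotes both handled).
function injectedSources(body) {
  const re = /<(?:SCRIPT|IFRAME)\b[^>]*?\bSRC\s*=\s*\\?["']?([^"'\\\s>]+)/gi;
  return Array.from(body.matchAll(re), (m) => m[1]);
}

// Depth-first walk of the injection chain. Returns the repeating part of the
// chain (first and last entries equal), or null if no loop shows up within maxDepth.
function findLoop(url, fetchBody, maxDepth = 10, path = []) {
  const key = normalize(url);
  const seenAt = path.indexOf(key);
  if (seenAt !== -1) return path.slice(seenAt).concat(key);
  if (path.length >= maxDepth) return null;
  const body = fetchBody(key);
  if (body === undefined) return null; // nothing recorded for this URL
  for (const next of injectedSources(body)) {
    const loop = findLoop(next, fetchBody, maxDepth, path.concat(key));
    if (loop) return loop;
  }
  return null;
}

// Constructed responses keyed by normalized URL (offline stand-in for the ad servers).
const RESPONSES = {
  'http://ads.example/adj/home;sz=160x600;ord=N?':
    String.raw`document.write('<IFRAME SRC=\"http://frames.example/hserver/aamsz=160x600/ACC_RANDOM=2667518\" WIDTH=160 HEIGHT=600></IFRAME>');`,
  'http://frames.example/hserver/aamsz=160x600/ACC_RANDOM=N':
    String.raw`<script>document.write('<SCRIPT LANGUAGE="JavaScript1.1" SRC="http://ads.example/adj/nopassback;sz=160x600;ord=2667518?"><\/SCRIPT>');</script>`,
  // Assumption: with cookies refused, the passback hands the slot to the same frame again.
  'http://ads.example/adj/nopassback;sz=160x600;ord=N?':
    String.raw`document.write('<IFRAME SRC=\"http://frames.example/hserver/aamsz=160x600/ACC_RANDOM=9912345\" WIDTH=160 HEIGHT=600></IFRAME>');`,
};

const START = 'http://ads.example/adj/home;sz=160x600;ord=123456789?';
console.log(findLoop(START, (key) => RESPONSES[key]));
```

Without the normalize step every hop looks like a new URL, because each response carries a fresh random number, and a loop of this kind is only cut off by the depth cap.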
Comment 1 Jeff Johnson 2009-02-08 23:49:55 PST
Created attachment 27479
Page source of http://www.kcrw.com/
Comment 2 Mark Rowe (bdash) 2009-02-08 23:54:17 PST
<rdar://problem/6567779>
Comment 3 Mark Rowe (bdash) 2009-02-21 00:47:58 PST
Does this still happen after installing the recent Mac OS X security update?
Comment 4 Jeff Johnson 2009-02-21 10:10:53 PST
(In reply to comment #3)
> Does this still happen after installing the recent Mac OS X security update?

Yes, it still occurs after installing Security Update 2009-001. It appears from the bom file that there weren't any changes to either WebKit or Safari in that security update.

Comment 5 Mark Rowe (bdash) 2009-02-21 11:28:23 PST
There were changes to CFNetwork related to cookies that I had thought could explain why you were able to reproduce this problem while I was unable (I had an early version of the security update installed back when we were discussing this on IRC).
Comment 6 Jeff Johnson 2009-02-21 12:51:22 PST
(In reply to comment #5)
> There were changes to CFNetwork related to cookies that I had thought could
> explain why you were able to reproduce this problem while I was unable (I had
> an early version of the security update installed back when we were discussing
> this on IRC).

Got it. I can provide more information if needed to reproduce.

Comment 7 Brady Eidson 2009-02-23 18:45:41 PST
I can't reproduce this either.

Mark, do you have the spin log?