Login/Register
Every WebKit-based browser crashes sites using Omniture. Why?
Asked Answered
Solved androidwebkitandroid-webviewsamsung-mobileadobe-analytics
R

2

11

Actually, a more accurate statement is:

Every WebKit-based browser crashes on http://m.allrecipes.com/ but only in a Samsung Continuum SCH-i400 phone.

I am trying to implement a WebView-based browser, mainly for learning purposes (there are way too many on the market, why add one?), and I was impressed by how quickly I could come up with a basic working one. I tested it on numerous sites on my Samsung Continuum phone and they all worked flawlessly, except for m.allrecipes.com .

Whenever I tried to load that web page, I received the following NullPointerException:

E/AndroidRuntime(3147): FATAL EXCEPTION: http10
E/AndroidRuntime(3147): java.lang.NullPointerException
E/AndroidRuntime(3147):     at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
E/AndroidRuntime(3147):     at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
E/AndroidRuntime(3147):     at android.net.http.Connection.openHttpConnection(Connection.java:358)
E/AndroidRuntime(3147):     at android.net.http.Connection.processRequests(Connection.java:219)
E/AndroidRuntime(3147):     at android.net.http.ConnectionThread.run(ConnectionThread.java:113)

Unable to find an explanation for this in my code, I tried to see how other browsers behave, on this Samsung Continuum phone, when accessing m.allrecipes.com:

The findings were very interesting: Dolphin, Opera, iBrowser and others had no problem whatsoever.

But Free Private Browser, Voice Browser and Easy Browser all crashed immediately upon accessing m.allrecipes.com with the same exact stack trace.

Thus, this problem is very easy to reproduce, if you can lay your hands on a Samsung Continuum SCH-i400 unit.

I know that the quickest and easiest way to solve this problem is by either using a different browser or getting rid of my phone. But I am looking to understand the source of the problem, because it may point out to potential problems down the road when using WebKit, possibly on other phones as well.

So my questions are basically:

  1. What in m.allrecipes.com is so special that it triggers this WebKit+Continuum bug?
  2. What in Samsung Continuum SCH-i400 is so special that it fails only on this website and only with a WebKit-based browser?
  3. What in WebKit is so special that it doesn't like the combination of Continuum+allrecipes.com.
  4. Are there additional websites that trigger this behavior?

Adding the log from Free Private Browser per @sarnold's suggestion:

:13.195: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 0, uniqueID = 1
:13.199: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 1, uniqueID = 2
:13.199: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 0, uniqueID = 3
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 1, uniqueID = 4
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 2, uniqueID = 5
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 3, uniqueID = 6
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Mono, style = 0, uniqueID = 7
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Arabic, style = 0, uniqueID = 8
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Hebrew, style = 0, uniqueID = 9
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Thai, style = 0, uniqueID = 10
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 0, uniqueID = 11
:13.215: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Fallback, style = 0, uniqueID = 12
:13.215: D/SKIA_FONT(5973): load_system_fonts(), oldSansUID = 0, newSansUID = 1
:13.215: D/SKIA_FONT(5973): load_system_fonts(), oldSansBoldUID = 0, newSansBoldUID = 2
:13.308: D/dalvikvm(5973): GC_EXTERNAL_ALLOC freed 3163 objects / 205880 bytes in 13ms
:13.566: I/Ads(5973): To get test ads on this device, call adRequest.addTestDevice("BE8FFE83C668E44B60E7CBD947D7D226");
:13.590: D/dalvikvm(5973): GC_FOR_MALLOC freed 7592 objects / 361280 bytes in 11ms
:13.597: I/Ads(5973): adRequestUrlHtml: <html><head><script src="http://media.admob.com/sdk-core-v40.js"></script><script>AFMA_buildAdURL({"preqs":0,"u_sd":1.375,"slotname":"a14c2366fe4baa1","u_w":349,"msid":"com.JamesBecwar.FreePrivateBrowser","cap":"m","js":"afma-sdk-a-v4.3.1","mv":"8013013.com.android.vending","isu":"BE8FFE83C668E44B60E7CBD947D7D226","cipa":0,"format":"320x50_mb","net":"wi","app_name":"28.android.com.JamesBecwar.FreePrivateBrowser","hl":"en","u_h":581,"u_audio":1});</script></head><body></body></html>
:14.211: W/webcore(5973): Can't get the viewWidth after the first layout
:14.640: I/Ads(5973): Received ad url: <"url": "http://googleads.g.doubleclick.net:80/mads/gma?preqs=0&u_sd=1.375&slotname=a14c2366fe4baa1&u_w=349&msid=com.JamesBecwar.FreePrivateBrowser&cap=m&js=afma-sdk-a-v4.3.1&mv=8013013.com.android.vending&isu=BE8FFE83C668E44B60E7CBD947D7D226&cipa=0&format=320x50_mb&net=wi&app_name=28.android.com.JamesBecwar.FreePrivateBrowser&hl=en&u_h=581&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=300&ex=1&client_sdk=1&pto=0&caps=interactiveVideo_clickTracking_sdkAdmobApiForAds&jsv=27", "afmaNotifyDt": "null">
:14.769: W/Ads(5973): IOException connecting to ad url.
:14.769: W/Ads(5973): java.net.ConnectException: googleads.g.doubleclick.net/127.0.0.1:80 - Connection refused
:14.769: W/Ads(5973):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:254)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:533)
:14.769: W/Ads(5973):   at java.net.Socket.connect(Socket.java:1074)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.<init>(HttpConnection.java:62)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnectionPool.get(HttpConnectionPool.java:88)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getHTTPConnection(HttpURLConnectionImpl.java:927)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:909)
:14.769: W/Ads(5973):   at com.google.ads.b.run(SourceFile:280)
:14.769: W/Ads(5973):   at java.lang.Thread.run(Thread.java:1096)
:14.812: D/webviewglue(5973): nativeDestroy view: 0x324d00
:14.816: I/Ads(5973): onFailedToReceiveAd(A network error occurred.)
:15.574: D/dalvikvm(5973): GC_FOR_MALLOC freed 5178 objects / 598576 bytes in 25ms
:15.578: D/webviewglue(5973): nativeDestroy view: 0x2634a0
:17.351: I/Database(5973): sqlite returned: error code = 14, msg = cannot open file at source line 25467
:17.359: E/geolocationService(5973): Caught security exception registering for location updates from system. This should only happen in DumpRenderTree.
:41.011: D/dalvikvm(5973): GC_FOR_MALLOC freed 5959 objects / 981064 bytes in 15ms
:42.015: I/Web Console(5973): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:42.015: I/Web Console(5973): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:42.699: W/dalvikvm(5973): threadid=12: thread exiting with uncaught exception (group=0x4001d7f0)
:42.703: E/AndroidRuntime(5973): FATAL EXCEPTION: http1
:42.703: E/AndroidRuntime(5973): java.lang.NullPointerException
:42.703: E/AndroidRuntime(5973):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:42.703: E/AndroidRuntime(5973):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:42.703: E/AndroidRuntime(5973):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:42.703: E/AndroidRuntime(5973):    at android.net.http.Connection.processRequests(Connection.java:219)
:42.703: E/AndroidRuntime(5973):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)
:42.773: W/dalvikvm(5973): threadid=22: thread exiting with uncaught exception (group=0x4001d7f0)
:42.781: I/Process(5973): Sending signal. PID: 5973 SIG: 9

And the log from Voice Browser:

:44.226: I/dalvikvm(6273): Jit: resizing JitTable from 4096 to 8192
:44.226: D/dalvikvm(6273): GC_FOR_MALLOC freed 13956 objects / 744856 bytes in 29ms
:45.730: I/Web Console(6273): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:45.734: I/Web Console(6273): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:46.707: W/dalvikvm(6273): threadid=14: thread exiting with uncaught exception (group=0x4001d7f0)
:46.718: E/AndroidRuntime(6273): FATAL EXCEPTION: http2
:46.718: E/AndroidRuntime(6273): java.lang.NullPointerException
:46.718: E/AndroidRuntime(6273):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:46.718: E/AndroidRuntime(6273):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:46.718: E/AndroidRuntime(6273):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:46.718: E/AndroidRuntime(6273):    at android.net.http.Connection.processRequests(Connection.java:219)
:46.718: E/AndroidRuntime(6273):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)
:46.718: W/dalvikvm(6273): threadid=15: thread exiting with uncaught exception (group=0x4001d7f0)

And from Easy Browser:

:11.597: D/dalvikvm(6557): GC_FOR_MALLOC freed 10496 objects / 629992 bytes in 57ms
:11.605: D/webviewglue(6557): nativeDestroy view: 0x25c8e8
:11.609: W/IInputConnectionWrapper(6557): getCursorCapsMode on inactive InputConnection
:11.640: I/Ads(6557): adRequestUrlHtml: <html><head><script src="http://www.gstatic.com/afma/sdk-core-v40.js"></script><script>AFMA_buildAdURL({"preqs":1,"u_sd":1.375,"slotname":"a14f3f6bc126143","u_w":349,"msid":"easy.browser","cap":"m","js":"afma-sdk-a-v4.1.1","isu":"BE8FFE83C668E44B60E7CBD947D7D226","format":"320x50_mb","net":"wi","app_name":"23.android.easy.browser","hl":"en","u_h":581,"u_audio":1});</script></head><body></body></html>
:11.664: W/IInputConnectionWrapper(6557): getCursorCapsMode on inactive InputConnection
:11.730: W/IInputConnectionWrapper(6557): finishComposingText on inactive InputConnection
:11.867: W/webcore(6557): Can't get the viewWidth after the first layout
:12.051: I/Ads(6557): Received ad url: <"url": "http://googleads.g.doubleclick.net:80/mads/gma?preqs=1&u_sd=1.375&slotname=a14f3f6bc126143&u_w=349&msid=easy.browser&cap=m&js=afma-sdk-a-v4.1.1&isu=BE8FFE83C668E44B60E7CBD947D7D226&format=320x50_mb&net=wi&app_name=23.android.easy.browser&hl=en&u_h=581&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=300&ex=1&client_sdk=1&askip=1&caps=clickTracking_sdkAdmobApiForAds&jsv=27", "afmaNotifyDt": "null">
:12.086: W/Ads(6557): IOException connecting to ad url.
:12.086: W/Ads(6557): java.net.ConnectException: googleads.g.doubleclick.net/127.0.0.1:80 - Connection refused
:12.086: W/Ads(6557):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:254)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:533)
:12.086: W/Ads(6557):   at java.net.Socket.connect(Socket.java:1074)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.<init>(HttpConnection.java:62)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnectionPool.get(HttpConnectionPool.java:88)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getHTTPConnection(HttpURLConnectionImpl.java:927)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:909)
:12.086: W/Ads(6557):   at b.run(Unknown Source)
:12.086: W/Ads(6557):   at java.lang.Thread.run(Thread.java:1096)
:12.086: D/webviewglue(6557): nativeDestroy view: 0x382ff0
:12.086: I/Ads(6557): onFailedToReceiveAd(A network error occurred.)
:13.890: I/Web Console(6557): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:13.894: I/Web Console(6557): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:14.687: W/dalvikvm(6557): threadid=21: thread exiting with uncaught exception (group=0x4001d7f0)
:14.687: W/System.err(6557): java.lang.NullPointerException
:14.687: W/System.err(6557):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:14.687: W/System.err(6557):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:14.687: W/System.err(6557):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:14.687: W/System.err(6557):    at android.net.http.Connection.processRequests(Connection.java:219)
:14.687: W/System.err(6557):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)
Revivalist answered 5/7, 2012 at 22:25 Comment(12)
When I visit with my desktop browser, I don't see any HTTPS content. So I'm surprised your browser tries to make HTTPS connections. Can you add some debugging code to try to trace the HTTPS connections further and try to figure out why you're presumably getting certificates that poke bugs in the certificate validation code? (It is probably worth contacting the Samsung security team.)Corby
@Corby What debugging code would like to see?Revivalist
At a quick start, the URL. :) Maybe certificate details, if you can get those before they cause the crash...Corby
@Corby The URL is exactly m.allrecipes.com (no SSL). I just added the log from the Free Private Browser. How do I get certificate details? Which certificate? (again, I'm not accessing any HTTPS).Revivalist
But your stack dump shows HTTPS classes and certificate parsing. That code is presumably called for some reason. Why? What specific resource request for that page, as a whole, is going through SSL? (And why doesn't my desktop browser do that?)Corby
http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24 does mention https once... though that code is completely illegible.Corby
@Corby That's a big mystery. The stack dumps depicted above are from applications that aren't mine but I can tell you that mine doesn't look any different and I know for sure that I'm not calling any SSL. If it were that easy, I wouldn't have given up by deciding to consult the entire world. :)Revivalist
Can you disable JavaScript parsing and say to hell with their Omniture code? :)Corby
@Corby LOL I just did as you said: I disabled Javascript and lo & behold m.allrecipes.com no longer crashes. :) Also, thanks to you spotting bloody Omniture, I found this sites using Omniture list and sure enough they all crash WebKit if Javascript is enabled. The problem now is... these websites are useless without Javascript. LOL.Revivalist
Pity they only crash a tiny wedge of the browser market. Overly Mobile sites that have drastically reduced functionality are no fun anywhere, and it'd be nice to kill them all off at once...Corby
@Corby I wonder if this is related.Revivalist
probably not, that's a simple mistake in using the Omniture script. I think you've hit a problem of the Omniture script loading content over an SSL link that cannot be verified. I'd report it up the chain to Samsung's security team, non-verifiable certificates should not crash the browser: they should just fail to load the content.Corby
P
6

BTW, I presume that your Continuum is still running Android 2.1.

What in m.allrecipes.com is so special that it triggers this WebKit+Continuum bug?

In the Android 2.1 emulator, I get a "This certificate is not from a trusted authority" dialog, but it does not crash. Android 2.1 probably does not support the root certificate for StartCom (which, if I am reading this correctly, is the authority in question).

According to this issue, StartCom's root cert was added in Android 2.2, and a quick test in a 4.0.3 emulator does not raise the error dialog.

What in Samsung Continuum SCH-i400 is so special that it fails only on this website and only with a WebKit-based browser?

Samsung perhaps tweaked something in the android.net packages and broke it, perhaps specifically tied to sketchy SSL certs. Any browser that would be based on WebView would run through the same code path; everyone who has their own HTML renderer might not, if they are handling SSL certs and such themselves.

What in WebKit is so special that it doesn't like the combination of Continuum+allrecipes.com.

Technically nothing, based on the stack trace. You will note that there is nothing specific to WebKit in there. This would be at most a WebKit-on-Android issue. And, as noted above, it's probably more peculiar to your Samsung.

Are there additional websites that trigger this behavior?

Find other ones with certs from smaller certificate authorities, perhaps.

Pomatum answered 5/7, 2012 at 23:1 Comment(3)
Thanks for a very thoughtful answer. Let me think about this new information that you provided before I can come up with new insights. BTW, my Continuum is running Android 2.2.Revivalist
@scatmoi: Well, the stock browser on the Android 2.2 emulator handles that URL without a hiccup, so I am still assuming this is a Samsung-specific issue.Pomatum
Thanks to @Corby the culprit has been found (Adobe's Omniture). But the question remains: Why only WebKit+Continuum? I think that your assumption that this is a Samsung-specific issue is right on target. It would be interesting to see if other Samsung devices exhibit the same problem.Revivalist
F
0

I'm not so sure it's a Samsung issue. Consider:

HTC One S with Android 4.0.3, loads the m.cycletrader.com home page with no issues but crashes the search results page on search. There is a flash of content and then what appears to be a refresh and then a white screen. If I wait long enough, I'll get an endless loop redirect notice.

Desktop browser (Firefox 25) using default user-agent string, loads the same home and search results pages with no issues.

Desktop browser (Firefox 25) using User-Agent Switcher to report as HTC Sensation (Android 4.0.3) loads the same home page with no issues but crashes the search results page on search - just like the actual smartphone. There is the initial flash of content, then a whitescreen, and no source code is retained by the browser for diagnostics and inspection. We initially thought a javascript document.write was the culprit but it is present and does not cause this problem for other user-agents.

The common denominator? Omniture. Disable Omniture on the search results page, the page loads with no issues. I wonder if Omniture is doing something hinky when it detects certain smartphones and perhaps, Android versions (v4.0.3 was given a clean bill of health earlier, but that was a year ago).

I'd like to get to the bottom of this so we can either fix whatever it is in our Omniture implementation or fire off a bug report so that Omniture is put on notice that their code is breaking our site (m.cycletrader.com).

Featherweight answered 21/11, 2013 at 14:23 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.