Every WebKit-based browser crashes sites using Omniture. Why?

Question

Actually, a more accurate statement is:

Every WebKit-based browser crashes on http://m.allrecipes.com/ but only in a Samsung Continuum SCH-i400 phone.

I am trying to implement a WebView-based browser, mainly for learning purposes (there are way too many on the market, why add one?), and I was impressed by how quickly I could come up with a basic working one. I tested it on numerous sites on my Samsung Continuum phone and they all worked flawlessly, except for m.allrecipes.com .

Whenever I tried to load that web page, I received the following NullPointerException:

E/AndroidRuntime(3147): FATAL EXCEPTION: http10
E/AndroidRuntime(3147): java.lang.NullPointerException
E/AndroidRuntime(3147):     at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
E/AndroidRuntime(3147):     at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
E/AndroidRuntime(3147):     at android.net.http.Connection.openHttpConnection(Connection.java:358)
E/AndroidRuntime(3147):     at android.net.http.Connection.processRequests(Connection.java:219)
E/AndroidRuntime(3147):     at android.net.http.ConnectionThread.run(ConnectionThread.java:113)

Unable to find an explanation for this in my code, I tried to see how other browsers behave, on this Samsung Continuum phone, when accessing m.allrecipes.com:

The findings were very interesting: Dolphin, Opera, iBrowser and others had no problem whatsoever.

But Free Private Browser, Voice Browser and Easy Browser all crashed immediately upon accessing m.allrecipes.com with the same exact stack trace.

Thus, this problem is very easy to reproduce, if you can lay your hands on a Samsung Continuum SCH-i400 unit.

I know that the quickest and easiest way to solve this problem is by either using a different browser or getting rid of my phone. But I am looking to understand the source of the problem, because it may point out to potential problems down the road when using WebKit, possibly on other phones as well.

So my questions are basically:

1. What in m.allrecipes.com is so special that it triggers this WebKit+Continuum bug?
2. What in Samsung Continuum SCH-i400 is so special that it fails only on this website and only with a WebKit-based browser?
3. What in WebKit is so special that it doesn't like the combination of Continuum+allrecipes.com.
4. Are there additional websites that trigger this behavior?

Adding the log from Free Private Browser per @sarnold's suggestion:

:13.195: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 0, uniqueID = 1
:13.199: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 1, uniqueID = 2
:13.199: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 0, uniqueID = 3
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 1, uniqueID = 4
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 2, uniqueID = 5
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Serif, style = 3, uniqueID = 6
:13.207: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Mono, style = 0, uniqueID = 7
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Arabic, style = 0, uniqueID = 8
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Hebrew, style = 0, uniqueID = 9
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Thai, style = 0, uniqueID = 10
:13.211: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans, style = 0, uniqueID = 11
:13.215: D/SKIA_FONT(5973): load_system_fonts(), name = Droid Sans Fallback, style = 0, uniqueID = 12
:13.215: D/SKIA_FONT(5973): load_system_fonts(), oldSansUID = 0, newSansUID = 1
:13.215: D/SKIA_FONT(5973): load_system_fonts(), oldSansBoldUID = 0, newSansBoldUID = 2
:13.308: D/dalvikvm(5973): GC_EXTERNAL_ALLOC freed 3163 objects / 205880 bytes in 13ms
:13.566: I/Ads(5973): To get test ads on this device, call adRequest.addTestDevice("BE8FFE83C668E44B60E7CBD947D7D226");
:13.590: D/dalvikvm(5973): GC_FOR_MALLOC freed 7592 objects / 361280 bytes in 11ms
:13.597: I/Ads(5973): adRequestUrlHtml: <html><head><script src="http://media.admob.com/sdk-core-v40.js"></script><script>AFMA_buildAdURL({"preqs":0,"u_sd":1.375,"slotname":"a14c2366fe4baa1","u_w":349,"msid":"com.JamesBecwar.FreePrivateBrowser","cap":"m","js":"afma-sdk-a-v4.3.1","mv":"8013013.com.android.vending","isu":"BE8FFE83C668E44B60E7CBD947D7D226","cipa":0,"format":"320x50_mb","net":"wi","app_name":"28.android.com.JamesBecwar.FreePrivateBrowser","hl":"en","u_h":581,"u_audio":1});</script></head><body></body></html>
:14.211: W/webcore(5973): Can't get the viewWidth after the first layout
:14.640: I/Ads(5973): Received ad url: <"url": "http://googleads.g.doubleclick.net:80/mads/gma?preqs=0&u_sd=1.375&slotname=a14c2366fe4baa1&u_w=349&msid=com.JamesBecwar.FreePrivateBrowser&cap=m&js=afma-sdk-a-v4.3.1&mv=8013013.com.android.vending&isu=BE8FFE83C668E44B60E7CBD947D7D226&cipa=0&format=320x50_mb&net=wi&app_name=28.android.com.JamesBecwar.FreePrivateBrowser&hl=en&u_h=581&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=300&ex=1&client_sdk=1&pto=0&caps=interactiveVideo_clickTracking_sdkAdmobApiForAds&jsv=27", "afmaNotifyDt": "null">
:14.769: W/Ads(5973): IOException connecting to ad url.
:14.769: W/Ads(5973): java.net.ConnectException: googleads.g.doubleclick.net/127.0.0.1:80 - Connection refused
:14.769: W/Ads(5973):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:254)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:533)
:14.769: W/Ads(5973):   at java.net.Socket.connect(Socket.java:1074)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.<init>(HttpConnection.java:62)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnectionPool.get(HttpConnectionPool.java:88)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getHTTPConnection(HttpURLConnectionImpl.java:927)
:14.769: W/Ads(5973):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:909)
:14.769: W/Ads(5973):   at com.google.ads.b.run(SourceFile:280)
:14.769: W/Ads(5973):   at java.lang.Thread.run(Thread.java:1096)
:14.812: D/webviewglue(5973): nativeDestroy view: 0x324d00
:14.816: I/Ads(5973): onFailedToReceiveAd(A network error occurred.)
:15.574: D/dalvikvm(5973): GC_FOR_MALLOC freed 5178 objects / 598576 bytes in 25ms
:15.578: D/webviewglue(5973): nativeDestroy view: 0x2634a0
:17.351: I/Database(5973): sqlite returned: error code = 14, msg = cannot open file at source line 25467
:17.359: E/geolocationService(5973): Caught security exception registering for location updates from system. This should only happen in DumpRenderTree.
:41.011: D/dalvikvm(5973): GC_FOR_MALLOC freed 5959 objects / 981064 bytes in 15ms
:42.015: I/Web Console(5973): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:42.015: I/Web Console(5973): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:42.699: W/dalvikvm(5973): threadid=12: thread exiting with uncaught exception (group=0x4001d7f0)
:42.703: E/AndroidRuntime(5973): FATAL EXCEPTION: http1
:42.703: E/AndroidRuntime(5973): java.lang.NullPointerException
:42.703: E/AndroidRuntime(5973):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:42.703: E/AndroidRuntime(5973):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:42.703: E/AndroidRuntime(5973):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:42.703: E/AndroidRuntime(5973):    at android.net.http.Connection.processRequests(Connection.java:219)
:42.703: E/AndroidRuntime(5973):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)
:42.773: W/dalvikvm(5973): threadid=22: thread exiting with uncaught exception (group=0x4001d7f0)
:42.781: I/Process(5973): Sending signal. PID: 5973 SIG: 9

And the log from Voice Browser:

:44.226: I/dalvikvm(6273): Jit: resizing JitTable from 4096 to 8192
:44.226: D/dalvikvm(6273): GC_FOR_MALLOC freed 13956 objects / 744856 bytes in 29ms
:45.730: I/Web Console(6273): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:45.734: I/Web Console(6273): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:46.707: W/dalvikvm(6273): threadid=14: thread exiting with uncaught exception (group=0x4001d7f0)
:46.718: E/AndroidRuntime(6273): FATAL EXCEPTION: http2
:46.718: E/AndroidRuntime(6273): java.lang.NullPointerException
:46.718: E/AndroidRuntime(6273):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:46.718: E/AndroidRuntime(6273):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:46.718: E/AndroidRuntime(6273):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:46.718: E/AndroidRuntime(6273):    at android.net.http.Connection.processRequests(Connection.java:219)
:46.718: E/AndroidRuntime(6273):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)
:46.718: W/dalvikvm(6273): threadid=15: thread exiting with uncaught exception (group=0x4001d7f0)

And from Easy Browser:

:11.597: D/dalvikvm(6557): GC_FOR_MALLOC freed 10496 objects / 629992 bytes in 57ms
:11.605: D/webviewglue(6557): nativeDestroy view: 0x25c8e8
:11.609: W/IInputConnectionWrapper(6557): getCursorCapsMode on inactive InputConnection
:11.640: I/Ads(6557): adRequestUrlHtml: <html><head><script src="http://www.gstatic.com/afma/sdk-core-v40.js"></script><script>AFMA_buildAdURL({"preqs":1,"u_sd":1.375,"slotname":"a14f3f6bc126143","u_w":349,"msid":"easy.browser","cap":"m","js":"afma-sdk-a-v4.1.1","isu":"BE8FFE83C668E44B60E7CBD947D7D226","format":"320x50_mb","net":"wi","app_name":"23.android.easy.browser","hl":"en","u_h":581,"u_audio":1});</script></head><body></body></html>
:11.664: W/IInputConnectionWrapper(6557): getCursorCapsMode on inactive InputConnection
:11.730: W/IInputConnectionWrapper(6557): finishComposingText on inactive InputConnection
:11.867: W/webcore(6557): Can't get the viewWidth after the first layout
:12.051: I/Ads(6557): Received ad url: <"url": "http://googleads.g.doubleclick.net:80/mads/gma?preqs=1&u_sd=1.375&slotname=a14f3f6bc126143&u_w=349&msid=easy.browser&cap=m&js=afma-sdk-a-v4.1.1&isu=BE8FFE83C668E44B60E7CBD947D7D226&format=320x50_mb&net=wi&app_name=23.android.easy.browser&hl=en&u_h=581&u_audio=1&u_so=p&output=html&region=mobile_app&u_tz=300&ex=1&client_sdk=1&askip=1&caps=clickTracking_sdkAdmobApiForAds&jsv=27", "afmaNotifyDt": "null">
:12.086: W/Ads(6557): IOException connecting to ad url.
:12.086: W/Ads(6557): java.net.ConnectException: googleads.g.doubleclick.net/127.0.0.1:80 - Connection refused
:12.086: W/Ads(6557):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:254)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.net.PlainSocketImpl.connect(PlainSocketImpl.java:533)
:12.086: W/Ads(6557):   at java.net.Socket.connect(Socket.java:1074)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnection.<init>(HttpConnection.java:62)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpConnectionPool.get(HttpConnectionPool.java:88)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.getHTTPConnection(HttpURLConnectionImpl.java:927)
:12.086: W/Ads(6557):   at org.apache.harmony.luni.internal.net.www.protocol.http.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:909)
:12.086: W/Ads(6557):   at b.run(Unknown Source)
:12.086: W/Ads(6557):   at java.lang.Thread.run(Thread.java:1096)
:12.086: D/webviewglue(6557): nativeDestroy view: 0x382ff0
:12.086: I/Ads(6557): onFailedToReceiveAd(A network error occurred.)
:13.890: I/Web Console(6557): Omniture: s.t, instance: 1 at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:23
:13.894: I/Web Console(6557): [object Object] at http://images.media-allrecipes.com/js/omni/ar_s_code.js?v=5:24
:14.687: W/dalvikvm(6557): threadid=21: thread exiting with uncaught exception (group=0x4001d7f0)
:14.687: W/System.err(6557): java.lang.NullPointerException
:14.687: W/System.err(6557):    at android.net.http.CertificateChainValidator.doHandshakeAndValidateServerCertificates(CertificateChainValidator.java:194)
:14.687: W/System.err(6557):    at android.net.http.HttpsConnection.openConnection(HttpsConnection.java:308)
:14.687: W/System.err(6557):    at android.net.http.Connection.openHttpConnection(Connection.java:358)
:14.687: W/System.err(6557):    at android.net.http.Connection.processRequests(Connection.java:219)
:14.687: W/System.err(6557):    at android.net.http.ConnectionThread.run(ConnectionThread.java:113)

Answer 1

BTW, I presume that your Continuum is still running Android 2.1.

What in m.allrecipes.com is so special that it triggers this WebKit+Continuum bug?

In the Android 2.1 emulator, I get a "This certificate is not from a trusted authority" dialog, but it does not crash. Android 2.1 probably does not support the root certificate for StartCom (which, if I am reading this correctly, is the authority in question).

According to this issue, StartCom's root cert was added in Android 2.2, and a quick test in a 4.0.3 emulator does not raise the error dialog.

What in Samsung Continuum SCH-i400 is so special that it fails only on this website and only with a WebKit-based browser?

Samsung perhaps tweaked something in the android.net packages and broke it, perhaps specifically tied to sketchy SSL certs. Any browser that would be based on WebView would run through the same code path; everyone who has their own HTML renderer might not, if they are handling SSL certs and such themselves.

What in WebKit is so special that it doesn't like the combination of Continuum+allrecipes.com.

Technically nothing, based on the stack trace. You will note that there is nothing specific to WebKit in there. This would be at most a WebKit-on-Android issue. And, as noted above, it's probably more peculiar to your Samsung.

Are there additional websites that trigger this behavior?

Find other ones with certs from smaller certificate authorities, perhaps.