Bug 133185 - [Curl] Crash when exceeding maximum cache limit.
Summary: [Curl] Crash when exceeding maximum cache limit.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-22 10:53 PDT by peavo
Modified: 2014-05-22 23:40 PDT
CC: 5 users

See Also:


Attachments
Patch (2.77 KB, patch) 2014-05-22 11:03 PDT, peavo, no flags
Patch (2.77 KB, patch) 2014-05-22 11:28 PDT, peavo, no flags

Description peavo 2014-05-22 10:53:45 PDT
When the maximum cache limit is exceeded, I get a crash.
This happens when deleting cache entries, because a reference to the url string object in the LRU list
is used as a parameter to invalidateCacheEntry(), when called from makeRoomForNewEntry().
When the string is removed from the LRU list in makeRoomForNewEntry(), the string is deleted.
Next, the string is accessed again to remove the url from the index, and we crash.

This can be fixed by removing the string from the LRU list after it is removed from the index.

Fixing the crash also revealed an infinite loop problem.
If the url for some reason only exists in the LRU list, and not in the index,
we will infinitely loop in makeRoomForNewEntry(), trying to remove this url from the cache, but never succeeding.
This can be fixed by removing the url from the LRU list, also when it's not in the index.
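The two failure modes described above, as an added example that is not WebKit's Curl cache code: a minimal C++ model of a cache with an LRU list of URL strings and a URL-to-entry index. The class name CurlCacheModel, the CacheEntry struct, the byte accounting, the injectOrphanedLruEntry test hook and the example.test URLs are assumptions for illustration; makeRoomForNewEntry and invalidateCacheEntry are kept only as names from the description. The example shows the safe ordering (index first, LRU node last, so a reference into the LRU node stays valid for the index lookup) and the guard that drops an LRU node even when its URL is not in the index, so eviction always makes progress.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <list>
#include <string>
#include <unordered_map>
#include <vector>

// Hypothetical stand-in for a cache entry; a real port stores more than the body.
struct CacheEntry {
    std::vector<char> body;
};

// Assumed model of the cache: an LRU list of URL strings plus a URL -> entry index.
// Eviction walks the LRU list from the back and must keep the two structures in step.
class CurlCacheModel {
public:
    explicit CurlCacheModel(std::size_t maxBytes) : m_maxBytes(maxBytes) {}

    // Insert a response, evicting least-recently-used entries until it fits.
    bool add(const std::string& url, std::vector<char> body) {
        if (body.size() > m_maxBytes)
            return false;                      // can never fit; do not flush the cache for it
        invalidateCacheEntry(url);             // replace a stale copy instead of duplicating it
        makeRoomForNewEntry(body.size());
        m_LRUEntries.push_front(url);
        m_currentBytes += body.size();
        m_index.emplace(url, CacheEntry{std::move(body)});
        return true;
    }

    // Remove a URL from both structures. `url` may be a reference into an LRU node,
    // so the index is updated first and the LRU node is erased last: erasing the node
    // first would destroy the very string the index lookup is about to read (the crash).
    void invalidateCacheEntry(const std::string& url) {
        auto it = m_index.find(url);
        if (it != m_index.end()) {
            m_currentBytes -= it->second.body.size();
            m_index.erase(it);
        }
        // Erase the LRU node even when the URL was not in the index; otherwise eviction
        // would pick the same tail entry again and again (the infinite loop).
        auto node = std::find(m_LRUEntries.begin(), m_LRUEntries.end(), url);
        if (node != m_LRUEntries.end())
            m_LRUEntries.erase(node);          // `url` must not be touched after this line
    }

    // Evict from the least-recently-used end until `needed` bytes fit.
    void makeRoomForNewEntry(std::size_t needed) {
        while (m_currentBytes + needed > m_maxBytes && !m_LRUEntries.empty())
            invalidateCacheEntry(m_LRUEntries.back());   // reference into the tail node
    }

    // Test-only hook: reproduce the divergence from the bug, a URL present only in the LRU list.
    void injectOrphanedLruEntry(const std::string& url) { m_LRUEntries.push_back(url); }

    bool contains(const std::string& url) const { return m_index.count(url) != 0; }
    std::size_t indexSize() const { return m_index.size(); }
    std::size_t lruSize() const { return m_LRUEntries.size(); }
    std::size_t currentBytes() const { return m_currentBytes; }

private:
    std::size_t m_maxBytes;
    std::size_t m_currentBytes = 0;
    std::list<std::string> m_LRUEntries;                  // front = most recent, back = next to evict
    std::unordered_map<std::string, CacheEntry> m_index;
};

// Overfill a 100-byte cache with ten 30-byte responses (constructed input).
// Returns the number of surviving entries, or 0 if the index and LRU list disagree.
std::size_t evictionDemo() {
    CurlCacheModel cache(100);
    for (int i = 0; i < 10; ++i)
        cache.add("http://example.test/" + std::to_string(i), std::vector<char>(30, 'x'));
    return cache.indexSize() == cache.lruSize() ? cache.indexSize() : 0;
}

// An orphaned LRU entry must be dropped, not looped on, and both structures must still agree.
bool orphanedEntryTerminates() {
    CurlCacheModel cache(100);
    cache.add("http://example.test/a", std::vector<char>(60, 'a'));
    cache.injectOrphanedLruEntry("http://example.test/orphan");
    cache.add("http://example.test/b", std::vector<char>(60, 'b'));   // needs eviction to fit
    return cache.indexSize() == 1 && cache.lruSize() == 1 && cache.currentBytes() == 60
        && cache.contains("http://example.test/b");
}

int main() {
    std::cout << "entries after overfill: " << evictionDemo() << "\n";
    std::cout << "orphan case terminates: " << (orphanedEntryTerminates() ? "yes" : "no") << "\n";
    return 0;
}
```

The order inside invalidateCacheEntry is the whole point: everything that needs the URL string happens before the LRU node that owns it is erased, and the erase is unconditional so a list/index mismatch cannot stall makeRoomForNewEntry.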
Comment 1 peavo 2014-05-22 11:03:45 PDT
Created attachment 231897 [details]
Patch
Comment 2 peavo 2014-05-22 11:28:43 PDT
Created attachment 231900 [details]
Patch
Comment 3 Brent Fulgham 2014-05-22 23:06:35 PDT
Comment on attachment 231900 [details]
Patch

r=me
Comment 4 WebKit Commit Bot 2014-05-22 23:36:33 PDT
Comment on attachment 231900 [details]
Patch

Clearing flags on attachment: 231900

Committed r169249: <http://trac.webkit.org/changeset/169249>
Comment 5 WebKit Commit Bot 2014-05-22 23:36:35 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 peavo 2014-05-22 23:40:16 PDT
(In reply to comment #3)
> (From update of attachment 231900 [details])
> r=me

Thanks!