RESOLVED FIXED 133185
[Curl] Crash when exceeding maximum cache limit. 
https://bugs.webkit.org/show_bug.cgi?id=133185
Summary [Curl] Crash when exceeding maximum cache limit.
peavo
Reported 2014-05-22 10:53:45 PDT
When the maximum cache limit is exceeded, I get a crash. This happens when deleting cache entries, because a reference to the url string object in the LRU list is used as a parameter to invalidateCacheEntry(), when called from makeRoomForNewEntry(). When the string is removed from the LRU list in makeRoomForNewEntry(), the string is deleted. Next, the string is accessed again to remove the url from the index, and we crash. This can be fixed by removing the string from the LRU list after it is removed from the index. Fixing the crash also revealed an infinite loop problem. If the url for some reason only exist in the LRU list, and not in the index, we will inifitely loop in makeRoomForNewEntry(), trying to remove this url from the cache, but never succeeding. This can be fixed by removing the url from the LRU list, also when it's not in the index.
Attachments
Patch (2.77 KB, patch)
2014-05-22 11:03 PDT, peavo 		no flags
DetailsFormatted DiffDiff
Patch (2.77 KB, patch)
2014-05-22 11:28 PDT, peavo 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
peavo
Comment 1 2014-05-22 11:03:45 PDT
Created attachment 231897 [details] Patch
peavo
Comment 2 2014-05-22 11:28:43 PDT
Created attachment 231900 [details] Patch
Brent Fulgham
Comment 3 2014-05-22 23:06:35 PDT
Comment on attachment 231900 [details] Patch r=me
WebKit Commit Bot
Comment 4 2014-05-22 23:36:33 PDT
Comment on attachment 231900 [details] Patch Clearing flags on attachment: 231900 Committed r169249: <http://trac.webkit.org/changeset/169249>
WebKit Commit Bot
Comment 5 2014-05-22 23:36:35 PDT
All reviewed patches have been landed. Closing bug.
peavo
Comment 6 2014-05-22 23:40:16 PDT
(In reply to comment #3) > (From update of attachment 231900 [details]) > r=me Thanks!
Note You need to log in before you can comment on or make changes to this bug.