Fixed an "invalid read" in dicache (detected with valgrind)

 Invalid read of size 8
    at 0x426066: a_Dicache_cleanup (dicache.c:557)
    by 0x42421C: Cache_process_queue (cache.c:1261)
    by 0x42424B: Cache_delayed_process_queue_callback (cache.c:1278)
 Address 0x83ea120 is 96 bytes inside a block of size 104 free'd
    at 0x4C2870C: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x44CC43: dFree (dlib.c:68)
    by 0x42552D: Dicache_remove (dicache.c:207)

Simple way to reproduce it:
Load an html page with a single image, isolate image in new tab, reload
the raw image, close html tab, go for bookmarks, exit.

1 files changed, 6 insertions, 9 deletions

diff --git a/src/dicache.c b/src/dicache.c
index 2704da50..7f4cac85 100644
--- a/src/dicache.c
+++ b/src/dicache.c
@@ -548,24 +548,21 @@ void a_Dicache_cleanup(void)
 {
    int i;
    DICacheNode *node;
-   DICacheEntry *entry;
+   DICacheEntry *entry, *next;
 
    _MSG("a_Dicache_cleanup\n");
    for (i = 0; i < dList_length(CachedIMGs); ++i) {
       node = dList_nth_data(CachedIMGs, i);
       /* iterate each entry of this node */
-      for (entry = node->first; entry; entry = entry->next) {
+      for (entry = node->first; entry; entry = next) {
+         next = entry->next;
          if (entry->v_imgbuf &&
              a_Imgbuf_last_reference(entry->v_imgbuf)) {
             /* free this unused entry */
             _MSG("a_Dicache_cleanup: removing entry...\n");
-            if (entry->next) {
-               Dicache_remove(node->url, entry->version);
-            } else {
-               Dicache_remove(node->url, entry->version);
-               --i;
-               break;
-            }
+            Dicache_remove(node->url, entry->version);
+            if (!next && node != dList_nth_data(CachedIMGs, i))
+               --i; /* removed node, adjust counter */
          }
       }
    }