Comment 12 for bug 743530

Craig Boston (iks1123) wrote :

I believe I've tracked it down. In sp-paint-server.cpp, the gobject type of the paint server is stored in painter->type. However painter->type is an enum. On 64-bit platforms, this enum is 32 bits wide. glib appears to be using some pointer masking for quick reference to certain gobject types. When it's shoved into the 32-bit field, the type reference is being truncated, causing glib to access unallocated memory when the mask is later reversed.

I believe this may be supposed to be using SPPainter::server_type instead, which is a GType and looks to be otherwise unused.

The attached patch fixes the crash on my system (as well as the issue in bug #778441).
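The width mismatch described in the comment, as an added example that is not Inkscape's code or the attached patch: `FakeGType`, `FakePainter`, the flag-bit encoding and the sample address are constructed stand-ins for GType, SPPainter and the pointer masking the comment describes, chosen only so that the truncation through the 32-bit enum field can be observed on an LP64 build.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for glib's GType, which is pointer-sized (gsize) on 64-bit platforms. */
typedef uintptr_t FakeGType;

/* Hypothetical encoding mirroring the comment's description: a type-node address
 * with low flag bits masked in, and a reverse mask that recovers the address. */
#define TYPE_FLAG_MASK ((uintptr_t)0x3)
static uintptr_t type_to_node_addr(FakeGType t) { return t & ~TYPE_FLAG_MASK; }

/* Simplified stand-in for SPPainter: only the two fields the comment contrasts. */
typedef enum { SP_PAINTER_IND, SP_PAINTER_DEP } SPPainterType; /* 32 bits wide on LP64 */
typedef struct {
    SPPainterType type;        /* enum: too narrow to hold a GType on 64-bit */
    FakeGType     server_type; /* GType-sized: the field that can hold it */
} FakePainter;

/* Constructed sample: a type value whose node lives above 4 GiB, as in a PIE process. */
#define SAMPLE_NODE_ADDR ((uintptr_t)0x7f3a1c002000ULL)
#define SAMPLE_TYPE      ((FakeGType)(SAMPLE_NODE_ADDR | 0x1))

/* Buggy path: store the type value in painter->type, then reverse the mask.
 * Returns 1 only if the recovered address still points at the original node. */
int enum_field_roundtrips(FakeGType t) {
    FakePainter p = {0, 0};
    p.type = (SPPainterType)t;               /* silently truncated to 32 bits on LP64 */
    return type_to_node_addr((FakeGType)p.type) == type_to_node_addr(t);
}

/* Fixed path: store it in the GType-sized server_type field instead. */
int gtype_field_roundtrips(FakeGType t) {
    FakePainter p = {0, 0};
    p.server_type = t;
    return type_to_node_addr(p.server_type) == type_to_node_addr(t);
}

/* Whether this build has the width mismatch the comment describes. */
int enum_narrower_than_gtype(void) { return sizeof(SPPainterType) < sizeof(FakeGType); }

int main(void) {
    printf("enum field roundtrips:   %d\n", enum_field_roundtrips(SAMPLE_TYPE));
    printf("server_type roundtrips:  %d\n", gtype_field_roundtrips(SAMPLE_TYPE));
    return 0;
}
```

On a 64-bit build the first line prints 0: the recovered address no longer matches the node, which is the stale pointer glib would then dereference.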