Comment 8 for bug 420053

Martin Olsson (mnemo) wrote :

Here is a better gdb trace (with symbols) so we can see the exact line where the crash happens;
it's src/sm_process.c:324.

The offending code is:

    case SM_SaveComplete:

        if (!smcConn->save_yourself_in_progress)
        {
            _IceErrorBadState (iceConn, _SmcOpcode,
                SM_SaveComplete, IceCanContinue);
        }
        else
        {
            CHECK_SIZE_MATCH (iceConn, _SmcOpcode, opcode,
                length, SIZEOF (smSaveCompleteMsg),
                IceFatalToProtocol);

            smcConn->save_yourself_in_progress = False;

            (*smcConn->callbacks.save_complete.callback) (smcConn,
                smcConn->callbacks.save_complete.client_data);
        }
        break;

And the crash happens when the function pointer is called (last statement).
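As an added, stand-alone illustration (not the reporter's code and not libSM's), the C model below mirrors the SM_SaveComplete branch with a guard on the callback pointer before it is invoked. It assumes the callback slot is unset (NULL) when the message arrives; the comment only establishes that the crash happens at the call, so that cause is an assumption. Struct, type and function names are simplified stand-ins for the real libSM ones.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed miniature of the libSM connection state; not the real headers. */
typedef struct SmcConn *SmcConnPtr;
typedef void (*SmcSaveCompleteProc)(SmcConnPtr conn, void *client_data);

struct SmcConn {
    bool save_yourself_in_progress;
    struct {
        SmcSaveCompleteProc callback;   /* may be NULL if the client never set it */
        void *client_data;
    } save_complete;                    /* stand-in for callbacks.save_complete */
};

enum SaveCompleteResult { SC_OK = 0, SC_BAD_STATE = 1, SC_NO_CALLBACK = 2 };

/* Guarded equivalent of the SM_SaveComplete case: the state check and the
 * flag reset match the original order; the NULL check is the added guard. */
enum SaveCompleteResult handle_save_complete(struct SmcConn *smcConn)
{
    if (!smcConn->save_yourself_in_progress)
        return SC_BAD_STATE;            /* libSM reports _IceErrorBadState here */

    smcConn->save_yourself_in_progress = false;

    if (smcConn->save_complete.callback == NULL)
        return SC_NO_CALLBACK;          /* the unguarded call would crash here */

    (*smcConn->save_complete.callback)(smcConn, smcConn->save_complete.client_data);
    return SC_OK;
}

/* Test callback: counts invocations through client_data. */
static void count_call(SmcConnPtr conn, void *client_data)
{
    (void)conn;
    *(int *)client_data += 1;
}

/* Exercises the three paths; returns how many behaved as expected (3). */
int self_check(void)
{
    int ok = 0, calls = 0;
    struct SmcConn idle = { false, { NULL, NULL } };
    struct SmcConn unset = { true, { NULL, NULL } };
    struct SmcConn armed = { true, { count_call, &calls } };
    ok += handle_save_complete(&idle) == SC_BAD_STATE;
    ok += handle_save_complete(&unset) == SC_NO_CALLBACK && !unset.save_yourself_in_progress;
    ok += handle_save_complete(&armed) == SC_OK && calls == 1;
    return ok;
}
```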