Bug #4548

Updated by Davide Pesavento about 6 years ago

The handler connected to the `Face::afterStateChange` signal blindly dereferences the pointer returned by `FaceTable::get()`, which may be null if the face has already been removed from the table. This can happen when `newState == CLOSED`. 

In practice, this doesn't cause a segfault crash because the dereferenced null pointer is not actually used in that case. Nevertheless, it's still undefined behavior.
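A simplified model of the pattern described in this report, added here as an illustration and not taken from NFD's source. `Face`, `FaceTable`, `onStateChange` and `simulate` are minimal stand-ins, and the ordering in which an earlier handler removes the closed face from the table is an assumption of this example.

```cpp
#include <cstdint>
#include <functional>
#include <map>
#include <memory>
#include <string>
#include <vector>

enum class FaceState { UP, DOWN, CLOSED };

struct Face {
  uint64_t id = 0;
  std::vector<std::function<void(FaceState)>> afterStateChange; // signal stand-in, runs in connection order
  void setState(FaceState s) { for (auto& h : afterStateChange) h(s); }
};

class FaceTable {
  std::map<uint64_t, std::shared_ptr<Face>> m_faces;
public:
  void add(std::shared_ptr<Face> f) { m_faces[f->id] = f; }
  void remove(uint64_t id) { m_faces.erase(id); }
  // Returns nullptr once the face is no longer in the table.
  Face* get(uint64_t id) const {
    auto it = m_faces.find(id);
    return it == m_faces.end() ? nullptr : it->second.get();
  }
};

// Checked handler body. The reported pattern, `const Face& f = *table.get(id);`
// with no test, is undefined behavior on nullptr even if `f` is never read.
std::string onStateChange(const FaceTable& table, uint64_t id, FaceState s) {
  const Face* face = table.get(id);
  if (face == nullptr) return "gone";  // already removed: nothing to dereference
  return s == FaceState::UP ? "up" : s == FaceState::DOWN ? "down" : "closed";
}

// Replays the sequence from the report; returns what the second handler saw.
std::vector<std::string> simulate() {
  FaceTable table;
  auto face = std::make_shared<Face>();  // kept alive here after table removal
  face->id = 1;
  table.add(face);
  std::vector<std::string> log;
  // Assumed ordering: the table's own handler drops a CLOSED face first.
  face->afterStateChange.push_back([&](FaceState s) { if (s == FaceState::CLOSED) table.remove(1); });
  face->afterStateChange.push_back([&](FaceState s) { log.push_back(onStateChange(table, 1, s)); });
  face->setState(FaceState::DOWN);
  face->setState(FaceState::CLOSED);
  return log;
}
```

Building the unchecked variant with `-fsanitize=undefined` reports the null reference binding at the dereference, even though the program otherwise appears to run correctly.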