So what went wrong? Revisited, it faulted on the mov (298):

 290:   51                      push   %ecx
 291:   8b 54 24 08             mov    0x8(%esp,1),%edx
 295:   52                      push   %edx
 296:   57                      push   %edi
 297:   56                      push   %esi
 298:   8b 40 14                mov    0x14(%eax),%eax
 29b:   ff d0                   call   *%eax

#define op_create_vi(vn,vi,is_affected,insert_size) item_ops[le_ih_k_type ((vi)->vi_ih)]->create_vi (vn,vi,is_affected,insert_size)

It's getting the address of the handler function from an array called item_ops, but it's basing the offset into that array on a pointer which could have failed without checking it.
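An added example, not the reiserfs code (all names and the table layout are invented), modelling the dispatch shape of that macro: a header pointer yields a type, the type indexes a table of operation structs, and the function pointer is read from the selected struct (the 0x14(%eax) load above). The checked variant validates the pointer the post says is trusted blindly and also range-checks the derived index, which goes one step beyond the post:

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model: an item header carries a type field, and a table of
 * operation structs is indexed by that type. Names are hypothetical. */
enum { ITEM_TYPE_COUNT = 4 };

struct item_head { uint32_t type; };           /* header read from disk */
struct item_ops  { int (*create)(int size); }; /* one handler per type  */

static int create_a(int size) { return size + 1; }
static int create_b(int size) { return size * 2; }
static int create_c(int size) { return size - 1; }
static int create_d(int size) { (void)size; return 0; }

static const struct item_ops ops_a = { create_a }, ops_b = { create_b },
                             ops_c = { create_c }, ops_d = { create_d };

/* Analogue of item_ops[]: an index >= ITEM_TYPE_COUNT reads whatever
 * memory follows the array, and the handler load then derefs garbage. */
static const struct item_ops *item_table[ITEM_TYPE_COUNT] = {
    &ops_a, &ops_b, &ops_c, &ops_d
};

/* Unchecked dispatch, the shape of the macro in the post: the header
 * pointer and the type it yields are used as-is. A NULL or stale header
 * pointer, or a corrupt type field, faults exactly like the listing. */
static int dispatch_unchecked(const struct item_head *ih, int size)
{
    return item_table[ih->type]->create(size);
}

/* Checked dispatch: reject a missing header and an out-of-range type
 * before either is used to pick an operations struct. Returns -1 when
 * the request is refused instead of dereferencing an invalid entry. */
static int dispatch_checked(const struct item_head *ih, int size)
{
    if (ih == NULL || ih->type >= ITEM_TYPE_COUNT)
        return -1;
    const struct item_ops *ops = item_table[ih->type];
    if (ops == NULL || ops->create == NULL)
        return -1;
    return ops->create(size);
}
```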