sm-client: Crash when closing SmcConnection while IceConnection has already been closed on error
I've had a few crashes when finalizing XfceSMClient in xfce4-terminal, and I've just had one with xfce4-power-manager. This happens when, for some reason, an error has caused the call to xsmp_process_ice_messages() which closes the IceConnection, with this sequence of warnings (reported for xfce4-power-manager here, but which actually come from libxfce4ui):
```
déc. 03 10:51:54 pc xfce4-power-man[783]: ICE I/O Error
déc. 03 10:51:54 pc xfce4-power-man[783]: Disconnected from session manager.
```
When finalizing XfceSMClient after that, closing the SmcConnection causes a second closing of the IceConnection, which causes the crash:
```
Core was generated by `/opt/bin/xfce4-power-manager.orig'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f1acab02ad9 in _IceTransClose (ciptr=0x55bc9825f260) at /usr/include/X11/Xtrans/Xtrans.c:946
946 /usr/include/X11/Xtrans/Xtrans.c: Aucun fichier ou dossier de ce type.
[Current thread is 1 (Thread 0x7f1aca65fcc0 (LWP 783))]
(gdb) bt
#0 0x00007f1acab02ad9 in _IceTransClose (ciptr=0x55bc9825f260) at /usr/include/X11/Xtrans/Xtrans.c:946
#1 0x00007f1acab07395 in _IceFreeConnection (iceConn=0x55bc98198900) at /usr/src/debug/libice/libICE-1.1.1/src/shutdown.c:275
#2 0x00007f1acab0c713 in IceCloseConnection (iceConn=iceConn@entry=0x55bc98198900) at /usr/src/debug/libice/libICE-1.1.1/src/shutdown.c:231
#3 0x00007f1acb5b5057 in SmcCloseConnection (smcConn=0x55bc981f1830, count=count@entry=0, reasonMsgs=reasonMsgs@entry=0x0) at /usr/src/debug/libsm/libSM-1.2.4/src/sm_client.c:328
#4 0x00007f1accb1b9a6 in IA__xfce_sm_client_disconnect (sm_client=0x55bc9825f0a0 [XfceSMClient]) at xfce-sm-client.c:1740
#5 IA__xfce_sm_client_disconnect (sm_client=0x55bc9825f0a0 [XfceSMClient]) at xfce-sm-client.c:1726
#6 0x00007f1accb1ba80 in xfce_sm_client_finalize (obj=0x55bc9825f0a0 [XfceSMClient]) at xfce-sm-client.c:592
#7 0x00007f1acbc658b4 in g_object_unref (_object=0x55bc9825f0a0) at ../glib/gobject/gobject.c:3941
#8 g_object_unref (_object=0x55bc9825f0a0) at ../glib/gobject/gobject.c:3805
#9 0x000055bc96f3a760 in xfpm_manager_finalize (object=0x55bc9818dfa0 [XfpmManager]) at xfpm-manager.c:186
#10 0x00007f1acbc658b4 in g_object_unref (_object=0x55bc9818dfa0) at ../glib/gobject/gobject.c:3941
#11 g_object_unref (_object=0x55bc9818dfa0) at ../glib/gobject/gobject.c:3805
#12 0x000055bc96f3a544 in xfpm_start (bus=bus@entry=0x55bc9813d0c0 [GDBusConnection], client_id=0x0, dump=<optimized out>) at xfpm-main.c:247
#13 0x000055bc96f345a7 in main (argc=<optimized out>, argv=<optimized out>) at xfpm-main.c:459
```
I'm not sure our code is at fault here, perhaps in this case SmcCloseConnection() and/or IceCloseConnection() should behave differently. I'm not familiar with these specifications and the documentation doesn't allow me to be affirmative one way or the other:
- https://www.x.org/releases/X11R7.7/doc/libSM/SMlib.html
- https://www.x.org/releases/X11R7.7/doc/libICE/ICElib.html
It could also be related to this upstream issue: https://gitlab.freedesktop.org/xorg/lib/libice/-/issues/3
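
The close sequence described in this report, modelled as an added example (not code from libxfce4ui, libSM or libICE, and not a statement of where the fix belongs). All types and functions below are hypothetical mocks: the mock ICE close only counts calls instead of freeing, so the second close can be observed safely, and the guarded variant shows one possible ownership arrangement where teardown always goes through a single path that clears the handle.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Mock stand-ins for IceConn / SmcConn (hypothetical; not libICE or libSM). */
typedef struct { int close_calls; } MockIce; /* counts closes instead of freeing */
typedef struct { MockIce *ice; } MockSmc;    /* the SM layer holds the ICE handle */
typedef struct { MockSmc *smc; } Client;     /* models the session client object */

static void mock_ice_close(MockIce *ice) { ice->close_calls++; }

/* Like the SmcCloseConnection frame in the backtrace: closes the ICE layer too. */
static void mock_smc_close(MockSmc *smc) { mock_ice_close(smc->ice); free(smc); }

static Client client_connect(MockIce *ice) {
    Client c = { malloc(sizeof(MockSmc)) };
    if (c.smc == NULL) abort();
    c.smc->ice = ice;
    return c;
}

/* Reported sequence: the I/O error path closes the ICE handle directly... */
static void on_io_error_unguarded(Client *c) { mock_ice_close(c->smc->ice); }
/* ...and the finalizer later closes the SM handle, reaching ICE a second time. */
static void disconnect_unguarded(Client *c) { mock_smc_close(c->smc); c->smc = NULL; }

/* Guarded variant: a single teardown path that clears the handle after use. */
static void disconnect_guarded(Client *c) {
    if (c->smc == NULL) return; /* already torn down by the error path */
    mock_smc_close(c->smc);
    c->smc = NULL;
}
static void on_io_error_guarded(Client *c) { disconnect_guarded(c); }

/* Run "I/O error, then finalize" and return how many times ICE was closed. */
int ice_closes_after_error_then_finalize(bool guarded) {
    MockIce ice = { 0 };
    Client c = client_connect(&ice);
    if (guarded) { on_io_error_guarded(&c); disconnect_guarded(&c); }
    else         { on_io_error_unguarded(&c); disconnect_unguarded(&c); }
    return ice.close_calls;
}

int main(void) {
    printf("unguarded: %d ICE closes\n", ice_closes_after_error_then_finalize(false));
    printf("guarded:   %d ICE closes\n", ice_closes_after_error_then_finalize(true));
    return 0;
}
```

With the real libraries the second close operates on an already freed connection, which is where the SIGSEGV in `_IceTransClose` above occurs.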