[gtk+] broadway: Fix possible access-after-free

[Alexander Larsson <alexl src gnome org>]

commit 54714cb22882ba97eb08a3b5eb0f0b0718a75665
Author: Alexander Larsson <alexl redhat com>
Date:   Wed Dec 19 21:57:58 2012 +0100

    broadway: Fix possible access-after-free
    
    We need to calculate the buf pointer after the realloc.

 gdk/broadway/broadway.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
---
diff --git a/gdk/broadway/broadway.c b/gdk/broadway/broadway.c
index d16111e..157b3c1 100644
--- a/gdk/broadway/broadway.c
+++ b/gdk/broadway/broadway.c
@@ -351,12 +351,12 @@ static void
 append_uint16 (BroadwayOutput *output, guint32 v)
 {
   gsize old_len = output->buf->len;
+  guint8 *buf;
 
   if (output->binary)
     {
-      guint8 *buf = (guint8 *)output->buf->str + old_len;
-
       g_string_set_size (output->buf, old_len + 2);
+      buf = (guint8 *)output->buf->str + old_len;
       buf[0] = (v >> 0) & 0xff;
       buf[1] = (v >> 8) & 0xff;
     }
@@ -371,12 +371,12 @@ static void
 append_uint32 (BroadwayOutput *output, guint32 v)
 {
   gsize old_len = output->buf->len;
+  guint8 *buf;
 
   if (output->binary)
     {
-      guint8 *buf = (guint8 *)output->buf->str + old_len;
-
       g_string_set_size (output->buf, old_len + 4);
+      buf = (guint8 *)output->buf->str + old_len;
       buf[0] = (v >> 0) & 0xff;
       buf[1] = (v >> 8) & 0xff;
       buf[2] = (v >> 16) & 0xff;