[glib/wip/chergert/fix-network-address-crash] gnetworkaddress: fix use-after-free for network address

[Christian Hergert <chergert src gnome org>]

commit 1409f8076cecedfb4e594cad4beb11a27563de34
Author: Christian Hergert <chergert redhat com>
Date:   Wed Jan 23 19:08:49 2019 -0800

    gnetworkaddress: fix use-after-free for network address
    
    This fixes an error where addr_enum can be used after finalization during
    complete_queued_task(). It steals the GSource to keep it alive and then
    releases it at the end.

 gio/gnetworkaddress.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
---
diff --git a/gio/gnetworkaddress.c b/gio/gnetworkaddress.c
index 1651f89ed..6dcca6267 100644
--- a/gio/gnetworkaddress.c
+++ b/gio/gnetworkaddress.c
@@ -1119,13 +1119,18 @@ static int
 on_address_timeout (gpointer user_data)
 {
   GNetworkAddressAddressEnumerator *addr_enum = user_data;
+  GSource *wait_source;
+
+  /* Steal source before tasks can complete/finalize them */
+  wait_source = g_steal_pointer (&addr_enum->wait_source);
 
   /* If ipv6 didn't come in yet, just complete the task */
   if (addr_enum->queued_task != NULL)
     complete_queued_task (addr_enum, g_steal_pointer (&addr_enum->queued_task),
                           g_steal_pointer (&addr_enum->last_error));
 
-  g_clear_pointer (&addr_enum->wait_source, g_source_unref);
+  g_clear_pointer (&wait_source, g_source_unref);
+
   return G_SOURCE_REMOVE;
 }