[glib: 1/5] GMainContext - Fix GSource iterator if iteration can modify the list

[Philip Withnall <pwithnall src gnome org>]

commit b06c48de7554607ff3fb58d6c0510cfa5088e909
Author: Sebastian Dröge <sebastian centricular com>
Date:   Mon Feb 3 15:38:28 2020 +0200

    GMainContext - Fix GSource iterator if iteration can modify the list
    
    We first have to ref the next source and then unref the previous one.
    This might be the last reference to the previous source, and freeing the
    previous source might unref and free the next one which would then leave
    use with a dangling pointer here.
    
    Fixes https://gitlab.gnome.org/GNOME/glib/issues/2031

 glib/gmain.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
---
diff --git a/glib/gmain.c b/glib/gmain.c
index 1b4260b11..0e65aac14 100644
--- a/glib/gmain.c
+++ b/glib/gmain.c
@@ -1004,13 +1004,17 @@ g_source_iter_next (GSourceIter *iter, GSource **source)
    * GSourceList to be removed from source_lists (if iter->source is
    * the only source in its list, and it is destroyed), so we have to
    * keep it reffed until after we advance iter->current_list, above.
+   *
+   * Also we first have to ref the next source before unreffing the
+   * previous one as unreffing the previous source can potentially
+   * free the next one.
    */
+  if (next_source && iter->may_modify)
+    g_source_ref (next_source);
 
   if (iter->source && iter->may_modify)
     g_source_unref_internal (iter->source, iter->context, TRUE);
   iter->source = next_source;
-  if (iter->source && iter->may_modify)
-    g_source_ref (iter->source);
 
   *source = iter->source;
   return *source != NULL;