[gtk/4.0-backports: 5/53] Avoid a heap-use-after-free




commit 73617ee42217b0f540d2bd4f6dc70919c22707c0
Author: Matthias Clasen <mclasen redhat com>
Date:   Fri Jan 22 11:37:20 2021 -0500

    Avoid a heap-use-after-free
    
    _gtk_gesture_cancel_sequence frees the struct pointed to by data,
    so don't write to it afterwards. Found by asan.

 gtk/gtkgesture.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
---
diff --git a/gtk/gtkgesture.c b/gtk/gtkgesture.c
index 802309c43d..130c4265cf 100644
--- a/gtk/gtkgesture.c
+++ b/gtk/gtkgesture.c
@@ -991,6 +991,7 @@ gtk_gesture_set_sequence_state (GtkGesture            *gesture,
 {
   GtkGesturePrivate *priv;
   PointData *data;
+  GtkEventSequenceState current_state;
 
   g_return_val_if_fail (GTK_IS_GESTURE (gesture), FALSE);
   g_return_val_if_fail (state >= GTK_EVENT_SEQUENCE_NONE &&
@@ -1014,11 +1015,13 @@ gtk_gesture_set_sequence_state (GtkGesture            *gesture,
       data->state != GTK_EVENT_SEQUENCE_NONE)
     return FALSE;
 
+  current_state = data->state;
+  data->state = state;
+
   if (state == GTK_EVENT_SEQUENCE_DENIED &&
-      data->state == GTK_EVENT_SEQUENCE_CLAIMED)
+      current_state == GTK_EVENT_SEQUENCE_CLAIMED)
     _gtk_gesture_cancel_sequence (gesture, sequence);
 
-  data->state = state;
   gtk_widget_cancel_event_sequence (gtk_event_controller_get_widget (GTK_EVENT_CONTROLLER (gesture)),
                                     gesture, sequence, state);
   g_signal_emit (gesture, signals[SEQUENCE_STATE_CHANGED], 0,
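Review bot: After the `_gtk_gesture_cancel_sequence (gesture, sequence);` call, `data` stays in scope as a dangling pointer (the commit message says the callee frees the struct), and nothing at the call site records that. A comment on the call such as `/* frees data; it must not be dereferenced below */`, or bracing the branch and adding `data = NULL;` after the call, would keep a later edit from reintroducing the use-after-free that asan caught. The function body continues past the end of this hunk, so whether `data` is read again further down cannot be confirmed from here. As a naming point, `current_state` holds the value from before the `data->state = state;` assignment, so `previous_state` would read more accurately.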

