[gnome-remote-desktop] rdp: Retrieve frame members before stealing frame pointer



commit bdc8d63bddf2ebb0da97e9277267b7398e49710e
Author: Pascal Nowack <Pascal Nowack gmx de>
Date:   Sat Apr 23 11:10:31 2022 +0200

    rdp: Retrieve frame members before stealing frame pointer
    
    When a frame only contains a pointer update, but no frame data, the
    pointer data is directly copied and the on_frame_ready() callback is
    directly executed.
    The callback and the callback user data are part of the frame, and the
    frame is an auto pointer.
    As a result, g_steal_pointer() needs to be used to not free the frame,
    when the pipewire buffers were chosen.
    However, g_steal_pointer() may be executed first, and in such case
    dereferencing the frame pointer to gain access to its members will fail
    and lead to a crash.
    
    To fix this issue, copy the pointer values of the members first, before
    stealing the pointer value of the frame.
    
    Fixes: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/96

 src/grd-rdp-pipewire-stream.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/src/grd-rdp-pipewire-stream.c b/src/grd-rdp-pipewire-stream.c
index 6e07b4cb..3281efb0 100644
--- a/src/grd-rdp-pipewire-stream.c
+++ b/src/grd-rdp-pipewire-stream.c
@@ -1017,8 +1017,10 @@ on_stream_process (void *user_data)
 
   if (!last_frame_buffer)
     {
-      frame->callback (stream, g_steal_pointer (&frame),
-                       TRUE, frame->callback_user_data);
+      GrdRdpFrameReadyCallback callback = frame->callback;
+      gpointer callback_user_data = frame->callback_user_data;
+
+      callback (stream, g_steal_pointer (&frame), TRUE, callback_user_data);
       return;
     }
 
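Review bot: The two new locals above the `callback (...)` call have no comment saying why they exist, so a later cleanup could fold `frame->callback` and `frame->callback_user_data` back into the call and reintroduce the crash. C does not specify the order in which the function designator and the arguments of a call are evaluated, so `g_steal_pointer (&frame)` can set `frame` to NULL before the other two reads happen. A one-line comment stating that the members must be read before the frame pointer is stolen would keep that constraint visible. Since the hazard comes from combining `g_steal_pointer ()` on an auto pointer with a dereference of the same pointer in one call expression, it is also worth checking the rest of this file for the same pattern.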

