[gnome-remote-desktop] vnc: Retrieve frame members before stealing frame pointer



commit b7b0597ba59072b718a78760c2732e64e080b4bf
Author: Pascal Nowack <Pascal Nowack gmx de>
Date:   Sat Apr 23 11:11:39 2022 +0200

    vnc: Retrieve frame members before stealing frame pointer
    
    When a frame only contains a pointer update, but no frame data, the
    pointer data is directly copied and the on_frame_ready() callback is
    directly executed.
    The callback and the callback user data are part of the frame, and the
    frame is an auto pointer.
    As a result, g_steal_pointer() needs to be used to not free the frame,
    when the pipewire buffers were chosen.
    However, g_steal_pointer() may be executed first, and in such case
    dereferencing the frame pointer to gain access to its members will fail
    and lead to a crash.
    
    To fix this issue, copy the pointer values of the members first, before
    stealing the pointer value of the frame.
    
    Fixes: https://gitlab.gnome.org/GNOME/gnome-remote-desktop/-/issues/96

 src/grd-vnc-pipewire-stream.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
---
diff --git a/src/grd-vnc-pipewire-stream.c b/src/grd-vnc-pipewire-stream.c
index cc1a29b9..874ba290 100644
--- a/src/grd-vnc-pipewire-stream.c
+++ b/src/grd-vnc-pipewire-stream.c
@@ -664,8 +664,10 @@ on_stream_process (void *user_data)
 
   if (!last_frame_buffer)
     {
-      frame->callback (stream, g_steal_pointer (&frame),
-                       TRUE, frame->callback_user_data);
+      GrdVncFrameReadyCallback callback = frame->callback;
+      gpointer callback_user_data = frame->callback_user_data;
+
+      callback (stream, g_steal_pointer (&frame), TRUE, callback_user_data);
       return;
     }
 
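Review bot: the two local copies added at the top of the if (!last_frame_buffer) block carry no comment saying why they exist, so a later cleanup could fold them back into the call and reintroduce the crash. C leaves the evaluation order of function arguments unspecified, which is how g_steal_pointer (&frame) could clear frame before frame->callback_user_data was read; a one-line comment above the declarations, for example "read members before g_steal_pointer() clears frame", would record that. It is also worth checking whether any other call in this file passes g_steal_pointer (&frame) together with a frame-> member in the same argument list.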

