[telepathy-glib/master] fd.o #22182: fix a potential use-after-free in the callable example CM

[Simon McVittie]

In some environments (I'm not sure why my laptop isn't among them),
closing the stream causes the channel to remove the last ref to the
stream, resulting in a use-after-free and a possible segfault.

This could be avoided by holding another ref for the duration of
example_callable_media_stream_close, but Sjoerd and I agreed that this
simpler fix (re-ordering to put the possible free last) was more
appropriate.

Reviewed-by: Guillaume Desmottes <guillaume.desmottes at collabora.co.uk>
---
 examples/cm/callable/media-stream.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/examples/cm/callable/media-stream.c b/examples/cm/callable/media-stream.c
index 1177064..3290029 100644
--- a/examples/cm/callable/media-stream.c
+++ b/examples/cm/callable/media-stream.c
@@ -389,12 +389,14 @@ example_callable_media_stream_close (ExampleCallableMediaStream *self)
       g_message ("Sending to server: Closing stream %u",
           self->priv->id);
 
-      g_signal_emit (self, signals[SIGNAL_REMOVED], 0);
-
       if (self->priv->connected_event_id != 0)
         {
           g_source_remove (self->priv->connected_event_id);
         }
+
+      /* this has to come last, because the MediaChannel may unref us in
+       * response to the removed signal */
+      g_signal_emit (self, signals[SIGNAL_REMOVED], 0);
     }
 }
 
-- 
1.5.6.5