From 4b2a60c73a1eca58ce5eec72d4c7eaf63aa3f90a Mon Sep 17 00:00:00 2001
From: Christian Hergert <chergert@redhat.com>
Date: Wed, 23 Jan 2019 19:08:49 -0800
Subject: [PATCH] gnetworkaddress: fix use-after-free for network address

This fixes an error where addr_enum can be used after finalization during
complete_queued_task().
---
 gio/gnetworkaddress.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/gio/gnetworkaddress.c b/gio/gnetworkaddress.c
index 1651f89ed..60736874e 100644
--- a/gio/gnetworkaddress.c
+++ b/gio/gnetworkaddress.c
@@ -1120,12 +1120,17 @@ on_address_timeout (gpointer user_data)
 {
   GNetworkAddressAddressEnumerator *addr_enum = user_data;
 
+  /* Upon completion it may get unref'd by the owner */
+  g_object_ref (addr_enum);
+
   /* If ipv6 didn't come in yet, just complete the task */
   if (addr_enum->queued_task != NULL)
     complete_queued_task (addr_enum, g_steal_pointer (&addr_enum->queued_task),
                           g_steal_pointer (&addr_enum->last_error));
 
   g_clear_pointer (&addr_enum->wait_source, g_source_unref);
+  g_object_unref (addr_enum);
+
   return G_SOURCE_REMOVE;
 }