ps: Fix crash in self-copy-overlap

According to valgrind, there is a use-after-free here. The function
_cairo_ps_surface_emit_surface() temporarily replaces some member of a
struct and then later re-sets it. However, there is an early return
possible that would skip that part of the code.

This commit moves the re-set up so that no freed pointers are left
behind. This seems to fix the crash.

Signed-off-by: Uli Schlachter <psychon@znc.in>

.gitlab-ci/ignore-ps2-argb32.txt

@@ -161,6 +161,7 @@ rounded-rectangle-fill
 rounded-rectangle-stroke
 scale-offset-image
 scale-offset-similar
+self-copy-overlap
 stroke-ctm-caps
 stroke-clipped
 stroke-image

.gitlab-ci/ignore-ps3-argb32.txt

@@ -172,6 +172,7 @@ rounded-rectangle-fill
 rounded-rectangle-stroke
 scale-offset-image
 scale-offset-similar
+self-copy-overlap
 stroke-ctm-caps
 stroke-clipped
 stroke-image

src/cairo-ps-surface.c

@@ -3713,11 +3713,11 @@ _cairo_ps_surface_emit_surface (cairo_ps_surface_t          *surface,
 
 	status = _cairo_memory_stream_destroy (surface->stream, &data, &length);
 	free (data);
+	surface->stream = old_stream;
 	if (unlikely (status))
 	    return status;
 
 	params->approx_size = length;
-	surface->stream = old_stream;
 	_cairo_pdf_operators_set_stream (&surface->pdf_operators,
 					 surface->stream);
     }