lib: Fix use after free

_thread_set_subject_from_message sometimes replaces the subject, making the
cur_subject point to free'd memory

==6550== ERROR: AddressSanitizer: heap-use-after-free on address 0x601a0000bec0 at pc 0x4464a4 bp 0x7fffa40be910 sp 0x7fffa40be908
READ of size 1 at 0x601a0000bec0 thread T0
    #0 0x4464a3 in _thread_add_matched_message /home/todd/.apps/notmuch/lib/thread.cc:369
    #1 0x443c2c in notmuch_threads_get /home/todd/.apps/notmuch/lib/query.cc:496
    #2 0x41d947 in do_search_threads /home/todd/.apps/notmuch/notmuch-search.c:131
    #3 0x40a3fe in main /home/todd/.apps/notmuch/notmuch.c:345
    #4 0x7f4e535b4ec4 in __libc_start_main /build/buildd/eglibc-2.19/csu/libc-start.c:287
    #5 0x40abe6 in _start ??:?
0x601a0000bec0 is located 96 bytes inside of 134-byte region [0x601a0000be60,0x601a0000bee6)
freed by thread T0 here:
    #0 0x7f4e54e6933a in __interceptor_free ??:?
    #1 0x7f4e54482fab in _talloc_free ??:?
previously allocated by thread T0 here:
    #0 0x7f4e54e6941a in malloc ??:?
    #1 0x7f4e54485b5d in talloc_strdup ??:?

1 files changed, 1 insertions, 2 deletions

diff --git a/lib/thread.cc b/lib/thread.cc
index 4c49f980..9847cf8b 100644
--- a/lib/thread.cc
+++ b/lib/thread.cc
@@ -353,10 +353,8 @@ _thread_add_matched_message (notmuch_thread_t *thread,
 {
     time_t date;
     notmuch_message_t *hashed_message;
-    const char *cur_subject;
 
     date = notmuch_message_get_date (message);
-    cur_subject = notmuch_thread_get_subject(thread);
 
     if (date < thread->oldest || ! thread->matched_messages) {
 	thread->oldest = date;
@@ -366,6 +364,7 @@ _thread_add_matched_message (notmuch_thread_t *thread,
 
     if (date > thread->newest || ! thread->matched_messages) {
 	thread->newest = date;
+	const char *cur_subject = notmuch_thread_get_subject(thread);
 	if (sort != NOTMUCH_SORT_OLDEST_FIRST || EMPTY_STRING(cur_subject))
 	    _thread_set_subject_from_message (thread, message);
     }