g_return_if_fail error when unref'ing sim_slots from list_sim_slots_context_free() in mm-modem.c
Using libmm-glib 1.18.2 and ModemManager 1.18.2, I get this critical message from the system.
(async-proto:103573): GLib-CRITICAL **: 00:10:07.257: g_ptr_array_unref: assertion 'array' failed
Using gdb, the backtrace is:
(gdb) bt
#0 0x00007ffff7eb27d0 in g_ptr_array_unref () at /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1 0x00007ffff7de6039 in list_sim_slots_context_free (ctx=0x5555555695a0) at ../libmm-glib/mm-modem.c:2929
#2 0x00007ffff7c60272 in () at /lib/x86_64-linux-gnu/libgio-2.0.so.0
#3 0x00007ffff7b64d0e in g_object_unref () at /lib/x86_64-linux-gnu/libgobject-2.0.so.0
#4 0x00007ffff7de60ea in create_next_sim (task=<optimized out>) at ../libmm-glib/mm-modem.c:3008
#5 0x00007ffff7de62a8 in modem_list_sim_slots_build_object_ready (connection=<optimized out>, res=<optimized out>, task=0x555555583900)
at ../libmm-glib/mm-modem.c:2992
When using mm_modem_list_sim_slots(), the function create_next_sim() calls g_steal_pointer(ctx->sim_slots) then calls g_object_unref(task). The g_steal_pointer zeros out the sim_slots member, so the g_ptr_array_unref will always fail.
3005 if (ctx->i == ctx->n_sim_paths) {
3006 g_assert_cmpuint (ctx->n_sim_paths, ==, ctx->sim_slots->len);
3007 g_task_return_pointer (task, g_steal_pointer (&ctx->sim_slots), (GDestroyNotify)g_ptr_array_unref);
3008 g_object_unref (task);
3009 return;
The task destructor list_sim_slots_context_free() calls g_ptr_array_unref(ctx->sim_slots), but sim_slots has been set to 0 by the g_steal_pointer call.
Need to add a check in list_sim_slots_context_free() for a non-null sim_slots member before calling g_object_unref().
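The ownership hand-off described in this report, as an added stand-alone model (not ModemManager or libmm-glib code): it compares a context destructor that unrefs unconditionally with one that checks the member first, on both the completed path and an early-exit path. Array, Ctx, array_unref, steal and run are constructed stand-ins for GPtrArray, the task context, g_ptr_array_unref, g_steal_pointer and the task lifecycle, so no GLib is needed to build it.

```c
/* Stand-alone model of the ownership hand-off; no GLib needed.
 * Array, array_unref, steal and Ctx are constructed stand-ins for
 * GPtrArray, g_ptr_array_unref, g_steal_pointer and the task context. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int refs; } Array;
typedef struct { Array *sim_slots; } Ctx;

static int null_unrefs;  /* calls that would trip the GLib-CRITICAL */
static int frees;        /* arrays actually released */

static void array_unref(Array *a) {
    if (a == NULL) { null_unrefs++; return; }  /* models g_return_if_fail */
    if (--a->refs == 0) { free(a); frees++; }
}

/* Like g_steal_pointer: return the pointer and zero the owner's field. */
static Array *steal(Array **pp) { Array *a = *pp; *pp = NULL; return a; }

static void ctx_free_unguarded(Ctx *ctx) { array_unref(ctx->sim_slots); free(ctx); }

static void ctx_free_guarded(Ctx *ctx) {
    if (ctx->sim_slots != NULL)   /* skip when ownership already moved */
        array_unref(ctx->sim_slots);
    free(ctx);
}

/* Runs one operation; completed != 0 means the result was handed to the
 * caller before the context was freed. Returns the number of NULL unrefs. */
static int run(void (*ctx_free)(Ctx *), int completed) {
    Ctx *ctx = malloc(sizeof *ctx);
    Array *result = NULL;
    if (ctx == NULL) abort();
    ctx->sim_slots = malloc(sizeof *ctx->sim_slots);
    if (ctx->sim_slots == NULL) abort();
    ctx->sim_slots->refs = 1;
    null_unrefs = 0; frees = 0;
    if (completed) result = steal(&ctx->sim_slots);
    ctx_free(ctx);                      /* task destructor */
    if (result) array_unref(result);    /* caller drops its reference */
    return null_unrefs;
}

int main(void) {
    printf("unguarded, completed: %d NULL unref(s)\n", run(ctx_free_unguarded, 1));
    printf("guarded, completed:   %d NULL unref(s)\n", run(ctx_free_guarded, 1));
    printf("guarded, early exit:  %d array(s) freed\n", (run(ctx_free_guarded, 0), frees));
    return 0;
}
```

The early-exit case is why the destructor keeps the unref at all: when the operation ends before the hand-off, the context still owns the array and must release it.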