viewer: Fix double free caused by ScrollView::MessageReceiver

waiting_for_events takes ownership of the passed event which is later
deleted. Since we use unique_ptr::get() to acquire the pointer, we cause
double free: one free happens in the code path where the event from
waiting_for_events goes and the other free happens in unique_ptr
destructor.

The fix is to move ownership out of unique_ptr by unique_ptr::release().

Fixes: #3869
Fixes: 37b3374

src/viewer/scrollview.cpp

@@ -158,13 +158,13 @@ void ScrollView::MessageReceiver() {
                                                                     SVET_ANY);
       waiting_for_events_mu->lock();
       if (waiting_for_events.count(awaiting_list) > 0) {
-        waiting_for_events[awaiting_list].second = cur.get();
+        waiting_for_events[awaiting_list].second = cur.release();
         waiting_for_events[awaiting_list].first->Signal();
       } else if (waiting_for_events.count(awaiting_list_any) > 0) {
-        waiting_for_events[awaiting_list_any].second = cur.get();
+        waiting_for_events[awaiting_list_any].second = cur.release();
         waiting_for_events[awaiting_list_any].first->Signal();
       } else if (waiting_for_events.count(awaiting_list_any_window) > 0) {
-        waiting_for_events[awaiting_list_any_window].second = cur.get();
+        waiting_for_events[awaiting_list_any_window].second = cur.release();
         waiting_for_events[awaiting_list_any_window].first->Signal();
       }
       waiting_for_events_mu->unlock();