istream/ThreadIstream: avoid unlocked drained read after reschedule

Internal::Done() may reschedule a new worker run before evaluating the
EOF/disposal condition.  That condition read drained without holding
mutex, even though the new worker run can update drained under the
mutex concurrently.

Reorder the short-circuit condition so _again is tested first.  This
avoids touching drained on the rescheduled path and removes the data
race without changing the state machine.

Author: MaxKellermann

src/istream/ThreadIstream.cxx

@@ -237,7 +237,7 @@ ThreadIstream::Internal::Done() noexcept
 	auto &_istream = istream;
 
 	bool destroyed = false;
-	if (!has_input && input_empty && drained && !_again) {
+	if (!_again && !has_input && input_empty && drained) {
 		/* there is no more input and the filter's output
 		   buffers are drained: we don't need it anymore, we
 		   already have all we need */