Segfault in _invoke_marshal_out_args due to incorrect child argument count
When trying to call libvte's "event_check_regex_simple" function, _invoke_marshal_out_args() segfaults. This function reuses the same length argument (@n_regexes) for both an input array and an output array; here is its signature:
 * @terminal: a #VteTerminal
 * @event: a #GdkEvent
 * @regexes: (array length=n_regexes): an array of #VteRegex
 * @n_regexes: number of items in @regexes
 * @match_flags: PCRE2 match flags, or 0
 * @matches: (out caller-allocates) (array length=n_regexes): a location to store the matches

gboolean vte_terminal_event_check_regex_simple(VteTerminal *terminal,
                                               GdkEvent *event,
                                               VteRegex **regexes,
                                               gsize n_regexes,
                                               guint32 match_flags,
                                               char **matches);
_invoke_marshal_out_args() tries to dereference a null pointer when looping over the argument list.
I've tried to debug the issue. I saw that tuple_len was bigger than it should have been; then I figured out that the cause was that cache->n_to_py_child_args was 0, while it should be 1, since that function does have an array length as an output argument.
I found that that value is normally incremented in pygi_arg_garray_len_arg_setup(), but there I also saw an early return in case the argument cache was already initialized. Since this is the case for "event_check_regex_simple", which reuses the length argument, this function returns before incrementing n_to_py_child_args, which in turn causes the marshaller to segfault.
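The failure mode described in this report (a length argument shared by an input array and an output array is set up once, the early return skips the child count, the return tuple comes out one entry too long, and the marshaller then hits a NULL marshaller pointer) can be reproduced in a small model. The following is a constructed illustration added here, not PyGObject's or vte's code: the cache fields, the split between "initialized" and "counted", and the way the out-args loop consumes the to_py list are assumptions chosen to mirror the report, and the "fixed" variant is one plausible fix, not the project's.

```python
# Constructed model (not PyGObject's code) of the bookkeeping the report
# describes: an array argument's length argument becomes a child arg, the
# out-args marshaller returns n_to_py_args - n_to_py_child_args values, and a
# child that is never counted makes that tuple one entry too long.
from dataclasses import dataclass, field
from typing import Callable, Optional


class NullDeref(RuntimeError):
    """Stands in for the segfault: a NULL to_py marshaller was called."""


@dataclass
class ArgCache:
    name: str
    direction: str                                # "in", "out" or "inout"
    to_py_marshaller: Optional[Callable] = None   # None models a NULL pointer
    initialized: bool = False                     # set by the first array using it
    counted_to_py: bool = False                   # assumed flag used by the fixed setup


@dataclass
class FunctionCache:
    args: dict
    to_py_args: list = field(default_factory=list)
    n_to_py_args: int = 0
    n_to_py_child_args: int = 0


def len_arg_setup_buggy(fcache, len_arg, direction):
    """Early return when the length arg was already set up by another array,
    so a length shared by an in-array and a later out-array is never counted."""
    if len_arg.initialized:
        return
    len_arg.initialized = True
    if direction in ("out", "inout"):
        fcache.n_to_py_child_args += 1


def len_arg_setup_fixed(fcache, len_arg, direction):
    """Assumed fix: skip only the one-time init, but still count the child
    once for the Python-bound direction."""
    len_arg.initialized = True
    if direction in ("out", "inout") and not len_arg.counted_to_py:
        len_arg.counted_to_py = True
        fcache.n_to_py_child_args += 1


def array_arg_setup(fcache, arr, len_name, len_setup):
    """Register an array argument; its length argument is a child of it."""
    len_arg = fcache.args[len_name]
    len_setup(fcache, len_arg, arr.direction)
    if arr.direction in ("out", "inout"):
        # The array is marshalled to Python. Its length child is also placed on
        # the to_py list (its C value is needed) but carries no marshaller.
        arr.to_py_marshaller = lambda vals: list(vals[arr.name][: vals[len_name]])
        fcache.to_py_args += [arr, len_arg]
        fcache.n_to_py_args += 2


def invoke_marshal_out_args(fcache, c_values):
    """Model of _invoke_marshal_out_args: build the return tuple, which must
    exclude the child (length) arguments."""
    tuple_len = fcache.n_to_py_args - fcache.n_to_py_child_args
    result = []
    for arg in fcache.to_py_args[:tuple_len]:
        if arg.to_py_marshaller is None:
            raise NullDeref(f"NULL to_py_marshaller for child arg {arg.name!r}")
        result.append(arg.to_py_marshaller(c_values))
    return tuple(result)


def build_event_check_regex_simple(len_setup):
    """Cache for vte_terminal_event_check_regex_simple, where @regexes (in)
    and @matches (out) share @n_regexes as their length, in that order."""
    args = {
        "regexes": ArgCache("regexes", "in"),
        "n_regexes": ArgCache("n_regexes", "in"),
        "matches": ArgCache("matches", "out"),
    }
    fcache = FunctionCache(args)
    array_arg_setup(fcache, args["regexes"], "n_regexes", len_setup)
    array_arg_setup(fcache, args["matches"], "n_regexes", len_setup)
    return fcache


# Constructed C-side values after the call: two regexes, two match slots.
C_VALUES = {"n_regexes": 2, "matches": ["http://a", None]}


def run(len_setup):
    """Return the marshalled tuple, or the NullDeref message standing in
    for the crash."""
    fcache = build_event_check_regex_simple(len_setup)
    try:
        return invoke_marshal_out_args(fcache, C_VALUES)
    except NullDeref as e:
        return str(e)


if __name__ == "__main__":
    print("buggy:", run(len_arg_setup_buggy))
    print("fixed:", run(len_arg_setup_fixed))
```

With the buggy setup the child count stays 0, tuple_len covers the length child, and the loop reaches its NULL marshaller; with the counted variant the tuple contains only the marshalled @matches array. Note that the order matters: if the out array were processed first the child would be counted even by the buggy variant, which is why only functions that share a length between an earlier input array and a later output array trigger it.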