How to reproduce:
- Alice begin call to Bob and Bob begin call to Alice simultaneously.
- Alice pressed hangup button and get crash.
- Bob pressed hangup button and get crash.
Root of problem:
in file msi.c, in function handle_init FAILURE occurred. This mean unexpected kill_call called. So, MSICall object suddenly destroyed. Now we get dead pointer: ToxAV->calls[friend_number].msi_call
And final action: toxav_call_control get this pointer by call_get and crashed.
How to reproduce:
Root of problem:
in file msi.c, in function handle_init FAILURE occurred. This mean unexpected kill_call called. So, MSICall object suddenly destroyed. Now we get dead pointer: ToxAV->calls[friend_number].msi_call
And final action: toxav_call_control get this pointer by call_get and crashed.