From http://blog.csdn.net/firstime_tzjz/article/details/7838443
Case 1:
Step 1: The caller hangs up immediately after dialing, before any provisional response to the INVITE has arrived from the server. Because no provisional response has been received, eXosip_call_terminate does not send a CANCEL, so the call is not actually torn down.
Step 2: After hanging up, the caller enters the LinphoneCallEnd state, and linphone_call_set_terminated sets lc->current_call to NULL. When the callee receives the INVITE forwarded by the server, it starts sending ringing to the caller, but the caller's call state does not change, because linphone_call_set_state checks for LinphoneCallEnd at its start. When the callee answers, the server forwards the 200 OK to the caller; again the call state stays at LinphoneCallEnd, but the call setup itself is not affected.
call_accepted assigns lc->current_call again, so the call is established and both parties can still talk normally.
Step 3: When the caller dials again, no new call is set up, because linphone_core_invite_address_with_params finds that lc->current_call is not NULL. If the caller then calls linphone_core_terminate_call to end the call, a BYE is sent. When the caller receives the callee's confirmation of the BYE (exosip_call_released), the call enters the LinphoneCallReleased state and linphone_call_set_state releases call->op.
Step 4: When the caller dials a third time, no new call is set up, because lc->current_call is still not NULL. If the caller calls linphone_core_terminate_call once more, sal_call_terminate accesses call->op, which has already been released; the access to freed memory crashes the program.
Case 2:
The caller dials a customer-service number and hangs up immediately. Because customer-service calls are answered automatically, the server's provisional responses to the INVITE (100, 180 or 183) and the final response (200) arrive at the same time. Linphone first reads all pending messages into a queue and then processes them one by one, so the last message it handles is the 200 OK. To fix the first crash, I added a check on the current call when processing provisional responses to the INVITE, so that path is fine and only a BYE is sent when needed. However, when the 200 OK is processed
call. Therefore, in call_accepted, msg is NULL after eXosip_call_build_ack, and the call to _osip_list_set_empty crashes.
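The following is an added, hypothetical model of the caller-side call lifecycle described in both cases above; it is not linphone or eXosip code, and every name in it (core_t, call_t, sal_op_t, core_invite, core_terminate, core_release, process_response) is made up. It shows the two invariants whose absence produces the crashes: once the signalling handle (op) is released, the pointer is cleared and current_call is dropped, so a repeated terminate cannot touch freed memory; and responses that arrive after a hang-up are handled according to call state, so a late 200 OK is ACKed and answered with a BYE instead of re-establishing the call. The two scenario functions replay Case 1 and Case 2 and return 0 when every expectation holds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model (not linphone/eXosip code); names are invented. */
typedef enum { ST_OUTGOING_INIT, ST_OUTGOING_RINGING, ST_RUNNING,
               ST_END, ST_RELEASED } state_t;

typedef struct { int dialog_id; } sal_op_t;   /* stands in for the eXosip dialog handle */

typedef struct {
    state_t state;
    int got_provisional;   /* a 1xx for our INVITE has been seen */
    int cancel_sent;
    sal_op_t *op;          /* NULL once released */
} call_t;

typedef struct {
    call_t *current_call;
    int cancels, acks, byes;   /* what went out on the wire, for the scenarios */
} core_t;

typedef enum { R_OK, R_BUSY, R_NO_OP } rc_t;

/* A new call is refused while another one is still current. */
static rc_t core_invite(core_t *lc, call_t *c) {
    if (lc->current_call != NULL) return R_BUSY;
    memset(c, 0, sizeof *c);
    c->op = calloc(1, sizeof *c->op);
    c->state = ST_OUTGOING_INIT;
    lc->current_call = c;
    return R_OK;
}

/* Release the signalling handle exactly once and forget the call. */
static void core_release(core_t *lc, call_t *c) {
    free(c->op);
    c->op = NULL;                       /* no dangling pointer left behind */
    c->state = ST_RELEASED;
    if (lc->current_call == c) lc->current_call = NULL;
}

/* Hardened terminate: the state/op check makes a repeated call harmless. */
static rc_t core_terminate(core_t *lc, call_t *c) {
    if (c->state == ST_RELEASED || c->op == NULL) return R_NO_OP;
    if (c->state == ST_RUNNING) {       /* established: BYE; confirmation modelled as immediate */
        lc->byes++;
        core_release(lc, c);
        return R_OK;
    }
    if (c->got_provisional && !c->cancel_sent) { lc->cancels++; c->cancel_sent = 1; }
    /* Without a 1xx no CANCEL can be sent yet; keep the call in END so the
       first response that does arrive finishes the teardown. */
    c->state = ST_END;
    return R_OK;
}

/* Handle one queued response to our INVITE. */
static rc_t process_response(core_t *lc, call_t *c, int status) {
    if (c->op == NULL) return R_NO_OP;  /* already released: ignore late responses */
    if (status < 200) {                 /* 100 / 180 / 183 */
        c->got_provisional = 1;
        if (c->state == ST_END) {       /* hung up earlier: now cancellable */
            if (!c->cancel_sent) { lc->cancels++; c->cancel_sent = 1; }
        } else {
            c->state = ST_OUTGOING_RINGING;
        }
        return R_OK;
    }
    if (status == 200) {
        lc->acks++;                     /* a 2xx is always ACKed */
        if (c->state == ST_END) {       /* answered after hang-up: BYE, do not establish */
            lc->byes++;
            core_release(lc, c);
        } else {
            c->state = ST_RUNNING;
        }
        return R_OK;
    }
    core_release(lc, c);                /* final non-2xx, e.g. 487 after CANCEL */
    return R_OK;
}

/* Case 1: hang up before any 1xx, then 180 and 200 arrive, then two more
 * terminates and a new dial. Returns 0, or the number of the failed check. */
static int scenario_case1(void) {
    core_t lc = {0}; call_t c;
    if (core_invite(&lc, &c) != R_OK) return 1;
    if (core_terminate(&lc, &c) != R_OK || lc.cancels != 0) return 2;  /* no 1xx: no CANCEL */
    process_response(&lc, &c, 180);
    if (lc.cancels != 1) return 3;                                      /* CANCEL on first 1xx */
    process_response(&lc, &c, 200);
    if (lc.acks != 1 || lc.byes != 1 || c.op != NULL || lc.current_call != NULL) return 4;
    if (core_terminate(&lc, &c) != R_NO_OP) return 5;                   /* step 4: no use-after-free */
    if (core_invite(&lc, &c) != R_OK) return 6;                         /* next call can start */
    core_release(&lc, &c);
    return 0;
}

/* Case 2: 100, 180 and 200 are all queued before the hang-up is processed. */
static int scenario_case2(void) {
    core_t lc = {0}; call_t c;
    int queued[] = {100, 180, 200};
    if (core_invite(&lc, &c) != R_OK) return 1;
    core_terminate(&lc, &c);            /* hang-up first; responses still queued */
    for (int i = 0; i < 3; i++) process_response(&lc, &c, queued[i]);
    if (lc.cancels != 1 || lc.acks != 1 || lc.byes != 1) return 2;
    if (c.op != NULL || c.state != ST_RELEASED) return 3;               /* no ACK built on a dead call */
    return core_terminate(&lc, &c) == R_NO_OP ? 0 : 4;
}

int main(void) {
    printf("case1: %d\ncase2: %d\n", scenario_case1(), scenario_case2());
    return 0;
}
```

The point of the model is that teardown is driven by call state rather than by whichever message happens to be processed last: a terminate on an already released call returns R_NO_OP instead of dereferencing op, and current_call is cleared in the same place op is freed, so the next dial is never blocked by a dead call.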