call: fix heap-buffer-overflow in prack_handler #1988

Merged: 1 commit, Jul 23, 2022

Conversation

sreimers (Member) commented Jul 23, 2022

We sometimes had some strange selftest CI errors; it looks like these are related to this heap-buffer-overflow:

SUMMARY: AddressSanitizer: heap-buffer-overflow src/call.c:2024:25 in prack_handler

Found by:
make CC=clang EXTRA_CFLAGS="-fsanitize=address" EXTRA_LFLAGS="-fsanitize=address"

Related: #1973 (comment)

CC: @cspiel1 @maximilianfridrich

@sreimers sreimers merged commit a02899b into main Jul 23, 2022
@sreimers sreimers deleted the prack_handler_buffer_overflow branch July 23, 2022 15:35
cspiel1 (Collaborator) commented Jul 24, 2022

Thanks! We will analyse this on Monday.

sreimers (Member, Author) commented Jul 24, 2022

My PR does not fix the heap-buffer-overflow, which makes sense, since it's not a null pointer dereference.
Looks like call->early_confirmed writes to a dereferenced object (dangling call pointer).

[ RUN      ] test_call_answer_hangup_a
==175531==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000004b5c at pc 0x55eb612f853f bp 0x7ffcacefa580 sp 0x7ffcacefa578
WRITE of size 1 at 0x615000004b5c thread T0
    #0 0x55eb612f853e in prack_handler baresip/src/call.c:2027:25
    #1 0x55eb6146467a in resp_handler re/src/sipsess/prack.c:84:3
    #2 0x55eb6143b10f in terminate re/src/sip/request.c:107:3
    #3 0x55eb6143a698 in response_handler re/src/sip/request.c:156:2
    #4 0x55eb6152b04c in response_handler re/src/sip/ctrans.c:292:4
    #5 0x55eb614465c0 in sip_recv re/src/sip/transp.c:357:7
    #6 0x55eb614407ef in udp_recv_handler re/src/sip/transp.c:431:2
    #7 0x55eb614d7507 in udp_read re/src/udp/udp.c:244:2
    #8 0x55eb614d5d5e in udp_read_handler re/src/udp/udp.c:257:2
    #9 0x55eb6150ca61 in fd_poll re/src/main/main.c:916:4
    #10 0x55eb6150abda in re_main re/src/main/main.c:1096:9
    #11 0x55eb612cc576 in re_main_timeout baresip/test/test.c:39:2
    #12 0x55eb6128c2e6 in test_call_answer_hangup_a baresip/test/call.c:518:8
    #13 0x55eb612cd969 in run_tests baresip/test/main.c:100:9
    #14 0x55eb612cd310 in main baresip/test/main.c:276:9
    #15 0x7f850803228f  (/usr/lib/libc.so.6+0x2928f) (BuildId: 60df1df31f02a7b23da83e8ef923359885b81492)
    #16 0x7f8508032349 in __libc_start_main (/usr/lib/libc.so.6+0x29349) (BuildId: 60df1df31f02a7b23da83e8ef923359885b81492)
    #17 0x55eb6118b4a4 in _start /build/glibc/src/glibc/csu/../sysdeps/x86_64/start.S:115

0x615000004b5c is located 36 bytes to the left of 488-byte region [0x615000004b80,0x615000004d68)
allocated by thread T0 here:
    #0 0x55eb61240379 in malloc (baresip/selftest+0x1b9379)
    #1 0x55eb6150e6d0 in mem_alloc re/src/mem/mem.c:166:6
    #2 0x55eb6150ea1c in mem_zalloc re/src/mem/mem.c:198:6
    #3 0x55eb614584e3 in sipsess_alloc re/src/sipsess/sess.c:170:9
    #4 0x55eb61459ebc in sipsess_accept re/src/sipsess/accept.c:81:8
    #5 0x55eb612f5e37 in call_accept baresip/src/call.c:2172:8
    #6 0x55eb6132a95f in sipsess_conn_handler baresip/src/ua.c:740:8
    #7 0x55eb614602ff in invite_handler re/src/sipsess/listen.c:276:2
    #8 0x55eb6145f707 in request_handler re/src/sipsess/listen.c:289:4
    #9 0x55eb614465c0 in sip_recv re/src/sip/transp.c:357:7
    #10 0x55eb614407ef in udp_recv_handler re/src/sip/transp.c:431:2
    #11 0x55eb614d7507 in udp_read re/src/udp/udp.c:244:2
    #12 0x55eb614d5d5e in udp_read_handler re/src/udp/udp.c:257:2
    #13 0x55eb6150ca61 in fd_poll re/src/main/main.c:916:4
    #14 0x55eb6150abda in re_main re/src/main/main.c:1096:9
    #15 0x55eb612cc576 in re_main_timeout baresip/test/test.c:39:2
    #16 0x55eb6128c2e6 in test_call_answer_hangup_a baresip/test/call.c:518:8
    #17 0x55eb612cd969 in run_tests baresip/test/main.c:100:9
    #18 0x55eb612cd310 in main baresip/test/main.c:276:9
    #19 0x7f850803228f  (/usr/lib/libc.so.6+0x2928f) (BuildId: 60df1df31f02a7b23da83e8ef923359885b81492)

SUMMARY: AddressSanitizer: heap-buffer-overflow baresip/src/call.c:2027:25 in prack_handler
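The failure mode discussed above (a PRACK response handler running with a handler argument that points at a call object which has already been freed) and the detach-on-teardown pattern that prevents it, as an added C example that is not baresip or libre code; `struct sipsess`, `struct call`, `call_alloc`, `call_destroy` and `sipsess_prack_response` are constructed stand-ins, not the projects' real APIs.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Constructed stand-ins for a libre SIP session and the baresip call that owns it. */
struct sipsess {
	void (*resph)(void *arg);   /* PRACK response handler */
	void *arg;                  /* handler argument: the owning call */
};
struct call {
	struct sipsess *sess;
	bool early_confirmed;
};
static void prack_handler(void *arg) {
	struct call *call = arg;
	call->early_confirmed = true;   /* the 1-byte write from the ASan report */
}

struct call *call_alloc(struct sipsess *sess) {
	struct call *call = calloc(1, sizeof *call);
	if (!call) return NULL;
	call->sess  = sess;
	sess->resph = prack_handler;
	sess->arg   = call;
	return call;
}

/* Detach the handler before freeing the call, so a PRACK response delivered
 * afterwards finds no target instead of a dangling pointer. */
void call_destroy(struct call *call) {
	if (call && call->sess) {
		call->sess->resph = NULL;
		call->sess->arg   = NULL;
	}
	free(call);
}

/* Response delivery: true if a handler ran, false if the response was dropped. */
bool sipsess_prack_response(struct sipsess *sess) {
	if (!sess->resph)
		return false;
	sess->resph(sess->arg);
	return true;
}

/* Scenario: the call is torn down before the PRACK response arrives. */
bool late_response_dropped(void) {
	struct sipsess sess = {0};
	call_destroy(call_alloc(&sess));
	return !sipsess_prack_response(&sess);
}
```

Without the detach step in `call_destroy`, the late response would write through the stale `arg` exactly as in the sanitizer trace; building with `-fsanitize=address` as shown in the first comment is the way to catch that class of bug in the selftest.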
