call: Fix race condition on stateChangedListeners_
Jamiaccount adds a listener while the state is being changed. This can result in reallocation of the underlying vector while it is being iterated, resulting in a read after free. -------------------------------------------------------------------------------- ==930034==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000991900 READ of size 8 at 0x603000991900 thread T1 #0 0x55555a8a6dcb in /ring-project/daemon/src/call.cpp:94 #1 0x55555a8c8483 in /usr/include/c++/11.1.0/bits/invoke.h:61 #2 0x55555a8c654a in /usr/include/c++/11.1.0/bits/invoke.h:111 #3 0x55555a8c4c4e in /usr/include/c++/11.1.0/bits/std_function.h:291 #4 0x55555a8d5102 in /usr/include/c++/11.1.0/bits/std_function.h:560 #5 0x55555a8af158 in /ring-project/daemon/src/call.cpp:270 #6 0x55555a8aff7a in /ring-project/daemon/src/call.cpp:296 #7 0x55555a8b987d in /ring-project/daemon/src/call.cpp:575 #8 0x55555a8b5067 in /ring-project/daemon/src/call.cpp:482 #9 0x55555a8c225b in /ring-project/daemon/src/manager.h:1047 #10 0x55555a8ca928 in /usr/include/c++/11.1.0/bits/invoke.h:61 #11 0x55555a8c88d8 in /usr/include/c++/11.1.0/bits/invoke.h:111 #12 0x55555a8c6878 in /usr/include/c++/11.1.0/bits/std_function.h:291 #13 0x555559cff4a8 in /usr/include/c++/11.1.0/bits/std_function.h:560 #14 0x55555aaae8a1 in /ring-project/daemon/src/scheduled_executor.cpp:137 #15 0x55555aaaaf8f in /ring-project/daemon/src/scheduled_executor.cpp:32 #16 0x55555aab4a2f in /usr/include/c++/11.1.0/bits/invoke.h:61 #17 0x55555aab48ea in /usr/include/c++/11.1.0/bits/invoke.h:96 #18 0x55555aab47bf in /usr/include/c++/11.1.0/bits/std_thread.h:253 #19 0x55555aab46f5 in /usr/include/c++/11.1.0/bits/std_thread.h:260 #20 0x55555aab46ad in /usr/include/c++/11.1.0/bits/std_thread.h:211 #21 0x7ffff45583c3 in /build/gcc/src/gcc/libstdc++-v3/src/c++11/thread.cc:82 #22 0x7ffff649f258 in /usr/lib/libpthread.so.0+0x9258 #23 0x7ffff38e45e2 in /usr/lib/libc.so.6+0xfe5e2 0x603000991900 is located 0 bytes inside of 32-byte region 
[0x603000991900,0x603000991920) freed by thread T0 here: #0 0x7ffff769fd69 in /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cpp:172 #1 0x55555a1e3dc3 in /usr/include/c++/11.1.0/ext/new_allocator.h:139 #2 0x55555a18f942 in /usr/include/c++/11.1.0/bits/alloc_traits.h:492 #3 0x55555a12a9c1 in /usr/include/c++/11.1.0/bits/stl_vector.h:354 #4 0x55555a12b390 in /usr/include/c++/11.1.0/bits/vector.tcc:500 #5 0x55555a0e1a7c in /usr/include/c++/11.1.0/bits/vector.tcc:121 #6 0x55555a0b8c40 in /ring-project/daemon/src/call.h:286 #7 0x555559f43b69 in /usr/include/c++/11.1.0/bits/jamiaccount.cpp:675 #8 0x555559f3bf91 in /usr/include/c++/11.1.0/bits/jamiaccount.cpp:483 #9 0x555559f39cb7 in /usr/include/c++/11.1.0/bits/jamiaccount.cpp:449 #10 0x55555a838f0e in /ring-project/daemon/src/manager.cpp:3350 #11 0x55555a7f7aef in /ring-project/daemon/src/manager.cpp:1015 #12 0x555559d3c828 in /usr/include/c++/11.1.0/callmanager.cpp:67 #13 0x555559c70b5a in /ring-project/daemon/bin/dring+0x471cb5a #14 0x555559c7b71a in /ring-project/daemon/bin/dring+0x472771a #15 0x555559c943af in /ring-project/daemon/bin/dring+0x47403af #16 0x555559d06102 in /ring-project/daemon/bin/dring+0x47b2102 previously allocated by thread T0 here: #0 0x7ffff769eca1 in /build/gcc/src/gcc/libsanitizer/asan/asan_new_delete.cpp:99 #1 0x55555a21b9e8 in /usr/include/c++/11.1.0/ext/new_allocator.h:121 #2 0x55555a1e4083 in /usr/include/c++/11.1.0/bits/alloc_traits.h:460 #3 0x55555a190197 in /usr/include/c++/11.1.0/bits/stl_vector.h:346 #4 0x55555a12af48 in /usr/include/c++/11.1.0/bits/vector.tcc:440 #5 0x55555a0e1a7c in /usr/include/c++/11.1.0/bits/vector.tcc:121 #6 0x55555a0b8c40 in /ring-project/daemon/src/call.h:286 #7 0x55555a8aaaaa in /ring-project/daemon/src/call.cpp:92 #8 0x55555abcb76d in /usr/include/c++/11.1.0/bits/sipcall.cpp:89 #9 0x55555a7c3341 in /usr/include/c++/11.1.0/ext/new_allocator.h:156 #10 0x55555a7c2185 in /usr/include/c++/11.1.0/bits/alloc_traits.h:512 #11 0x55555a7bfe6d in 
/usr/include/c++/11.1.0/bits/shared_ptr_base.h:519 #12 0x55555a7bcaa4 in /usr/include/c++/11.1.0/bits/shared_ptr_base.h:650 #13 0x55555a7b85e1 in /usr/include/c++/11.1.0/bits/shared_ptr_base.h:1337 #14 0x55555a7b2d2c in /usr/include/c++/11.1.0/bits/shared_ptr.h:409 #15 0x55555a7af189 in /usr/include/c++/11.1.0/bits/shared_ptr.h:861 #16 0x55555a7abce0 in /usr/include/c++/11.1.0/bits/shared_ptr.h:877 #17 0x55555a7a4782 in /ring-project/daemon/src/call_factory.cpp:54 #18 0x555559f39b16 in /usr/include/c++/11.1.0/bits/jamiaccount.cpp:445 #19 0x55555a838f0e in /ring-project/daemon/src/manager.cpp:3350 #20 0x55555a7f7aef in /ring-project/daemon/src/manager.cpp:1015 #21 0x555559d3c828 in /usr/include/c++/11.1.0/callmanager.cpp:67 #22 0x555559c70b5a in /ring-project/daemon/bin/dring+0x471cb5a #23 0x555559c7b71a in /ring-project/daemon/bin/dring+0x472771a #24 0x555559c943af in /ring-project/daemon/bin/dring+0x47403af #25 0x555559d06102 in /ring-project/daemon/bin/dring+0x47b2102 Thread T1 created by T0 here: (...) 
#2 0x55555aaab6bd in /ring-project/daemon/src/scheduled_executor.cpp:27 #3 0x55555a7e61b3 in /ring-project/daemon/src/manager.cpp:456 #4 0x55555a7eea6c in /ring-project/daemon/src/manager.cpp:736 #5 0x55555a7ee39f in /ring-project/daemon/src/manager.cpp:711 #6 0x555559d3b25f in /ring-project/daemon/src/ring_api.cpp:57 #7 0x555559ae17db in /ring-project/daemon/bin/dring+0x458d7db #8 0x555559ad1285 in /ring-project/daemon/bin/dring+0x457d285 #9 0x555559acf5e1 in /ring-project/daemon/bin/dring+0x457b5e1 #10 0x555559acf292 in /ring-project/daemon/bin/dring+0x457b292 #11 0x555559ace828 in /ring-project/daemon/bin/dring+0x457a828 #12 0x555559acdb01 in /ring-project/daemon/bin/dring+0x4579b01 #13 0x555559acd33f in /ring-project/daemon/bin/dring+0x457933f #14 0x555559acbc8d in /ring-project/daemon/bin/dring+0x4577c8d #15 0x555559aca91b in /ring-project/daemon/bin/dring+0x457691b #16 0x555559ac8eec in /ring-project/daemon/bin/dring+0x4574eec #17 0x555559ac693b in /ring-project/daemon/bin/dring+0x457293b #18 0x7ffff380db24 in /usr/lib/libc.so.6+0x27b24 SUMMARY: AddressSanitizer: heap-use-after-free /ring-project/daemon/src/call.cpp:94 in operator() Shadow bytes around the buggy address: 0x0c068012a2d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068012a2e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068012a2f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068012a300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa 00 00 0x0c068012a310: 00 00 fa fa fa fa fa fa fa fa 00 00 01 fa fa fa =>0x0c068012a320:[fd]fd fd fd fa fa 00 00 00 07 fa fa fa fa fa fa 0x0c068012a330: fa fa fd fd fd fd fa fa fd fd fd fa fa fa fd fd 0x0c068012a340: fd fa fa fa 00 00 01 fa fa fa fa fa fa fa fa fa 0x0c068012a350: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068012a360: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x0c068012a370: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially 
addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user:f7 Container overflow: fc Array cookie:ac Intra object redzone:bb ASan internal: fe Left alloca redzone: ca Right alloca redzone:cb Shadow gap: cc ==930034==ABORTING -------------------------------------------------------------------------------- Change-Id: I23b4d1017b53a2d7fe224c92527254015e853168