Crash in webrtc::GetCandidatesByMindex

bin...@outlook.com

Dec 1, 2021, 1:26:53 AM
to discuss-webrtc
In my Windows native x64 WebRTC (M84) application, I noticed a very random crash when establishing a connection (it happens like 1 out of 100 attempts). I managed to capture a dump when the problem happened, and the following is the call stack:

webrtc::GetCandidatesByMindex+0x4d (Inline Function @ 00007ffc`38b733dc)  [D:\projects\webrtc\webrtc-checkout\src\pc\webrtc_sdp.cc @ 851] 
webrtc::SdpSerialize+0xa44 [D:\projects\webrtc\webrtc-checkout\src\pc\webrtc_sdp.cc @ 943] 
webrtc::JsepSessionDescription::ToString+0x35 [D:\projects\webrtc\webrtc-checkout\src\pc\jsep_session_description.cc @ 294] 
mediasoupclient::PeerConnection::GetLocalDescription+0x51
mediasoupclient::SendHandler::Send+0xbcb
mediasoupclient::SendTransport::Produce+0x2fe
MediaSoupContext::OpenCamera+0x1628 
OpenCamera+0x44 

The following is the related WebRTC source code:

// Get candidates according to the mline index from SessionDescriptionInterface.
static void GetCandidatesByMindex(const SessionDescriptionInterface& desci,
                                  int mline_index,
                                  std::vector<Candidate>* candidates) {
  if (!candidates) {
    return;
  }
  const IceCandidateCollection* cc = desci.candidates(mline_index);
  for (size_t i = 0; i < cc->count(); ++i) {
    const IceCandidateInterface* candidate = cc->at(i);
    candidates->push_back(candidate->candidate());  <====== candidate is a nullptr here
  }
}

0:027> dv
             cc = 0x000001af`a2e6fc50
              i = 0
      candidate = 0x00000000`00000000  <===== nullptr

0:027> dx Debugger.Sessions[0].Processes[40296].Threads[19148].Stack.Frames[0].SwitchTo();dv /t /v
Debugger.Sessions[0].Processes[40296].Threads[19148].Stack.Frames[0].SwitchTo()
@rdi              class webrtc::IceCandidateCollection * cc = 0x000001af`a2e6fc50
@r13              unsigned int64 i = 0
@rax              class webrtc::IceCandidateInterface * candidate = 0x00000000`00000000  <==== nullptr

0:027> u
00007ffc`38b733dc 488b10          mov     rdx,qword ptr [rax]   <===== trying to access the nullptr
00007ffc`38b733df ff5218          call    qword ptr [rdx+18h]
00007ffc`38b733e2 483bde          cmp     rbx,rsi

What the application was doing was trying to open a camera, and the pseudocode is like the following:

offer = pc->CreateOffer(options);
pc->SetLocalDescription(PeerConnection::SdpType::OFFER, offer);
localSdp = pc->GetLocalDescription();  <===== crash right here

Any advice on how to fix the problem?

Thanks,
Bin
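
The loop from the post with every pointer checked before it is dereferenced, as an added example that is not part of the original post or of WebRTC's own code. The structs are minimal stand-ins assumed for illustration, `GetCandidatesByMindexChecked` is a hypothetical name, and the check only contains the null dereference seen in the dump; it does not explain how a null entry got into the collection.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Minimal stand-ins (assumptions) for the WebRTC types named in the post.
struct Candidate { std::string address; };
struct IceCandidateInterface {
  Candidate c;
  const Candidate& candidate() const { return c; }
};
struct IceCandidateCollection {
  std::vector<const IceCandidateInterface*> items;  // an entry may be null
  size_t count() const { return items.size(); }
  const IceCandidateInterface* at(size_t i) const { return items[i]; }
};
struct SessionDescriptionInterface {
  std::vector<IceCandidateCollection> per_mline;
  // Stand-in behaviour: nullptr for an m-line index that has no collection.
  const IceCandidateCollection* candidates(size_t mline_index) const {
    return mline_index < per_mline.size() ? &per_mline[mline_index] : nullptr;
  }
};

// Same loop as in the post, but every pointer is checked before use.
// Returns the number of null entries skipped so the caller can log them.
static size_t GetCandidatesByMindexChecked(
    const SessionDescriptionInterface& desci, size_t mline_index,
    std::vector<Candidate>* candidates) {
  if (!candidates) return 0;
  const IceCandidateCollection* cc = desci.candidates(mline_index);
  if (!cc) return 0;
  size_t skipped = 0;
  for (size_t i = 0; i < cc->count(); ++i) {
    const IceCandidateInterface* candidate = cc->at(i);
    if (!candidate) { ++skipped; continue; }  // the state seen in the dump
    candidates->push_back(candidate->candidate());
  }
  return skipped;
}

int main() {
  IceCandidateInterface host{{"192.0.2.10"}};  // constructed sample address
  SessionDescriptionInterface desc;
  desc.per_mline.push_back(IceCandidateCollection{{nullptr, &host}});
  std::vector<Candidate> out;
  size_t skipped = GetCandidatesByMindexChecked(desc, 0, &out);
  std::printf("copied=%zu skipped=%zu\n", out.size(), skipped);
  return 0;
}
```

A non-zero return value is worth logging together with the m-line index, since it marks the same inconsistent state that produced the crash.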
