ws->header gets clobbered by writes #1
Description
The field ws->header is documented as "Header for received websocket frame", but it's also modified while sending a frame (both ws_msg_frame_data_begin and _ws_send_frame_raw replace its contents.)
I don't understand the flow of control of the whole library, but it looks as though, if read and write calls are interleaved, the read side will get confused because the write side has changed the header field. For example, _ws_read_websocket uses ws->header.payload_len to keep track of how many bytes still need to be read. If a partial frame is read, and then a frame is sent, then when the next part of the incoming frame is read, payload_len will be wrong (it will refer to the size of the outgoing frame.)
As far as I can tell, the way to fix this is to add a second ws_header_t field, and have all the sending functions use that one instead.