==4807==ERROR: AddressSanitizer: heap-use-after-free on address 0x60600048bc12 at pc 0x0001023a918a bp 0x700007ba3110 sp 0x700007ba3108
READ of size 1 at 0x60600048bc12 thread T6
    #0 0x1023a9189 in Scumm::Player_AD::updateSlot(Scumm::Player_AD::Channel*) player_ad.cpp:946
    #1 0x1023a85fb in Scumm::Player_AD::updateChannel(Scumm::Player_AD::Channel*) player_ad.cpp:888
    #2 0x1023a4ff6 in Scumm::Player_AD::updateSfx() player_ad.cpp:868
    #3 0x10239f87e in Scumm::Player_AD::onTimer() player_ad.cpp:252
    #4 0x1022add70 in Common::Functor0Mem<void, Scumm::ScummEngine_v70he>::operator()() const func.h:397
    #5 0x102ded411 in OPL::EmulatedOPL::readBuffer(short*, int) fmopl.cpp:358
    #6 0x102e1ff93 in Audio::CopyRateConverter<false, false>::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) rate.cpp:314
    #7 0x102e0f6f3 in Audio::Channel::mix(short*, unsigned int) mixer.cpp:648
    #8 0x102e0ef7f in Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) mixer.cpp:301
    #9 0x102ab32ae in SdlMixerManager::callbackHandler(unsigned char*, int) sdl-mixer.cpp:184
    #10 0x102ab31ae in SdlMixerManager::sdlCallback(void*, unsigned char*, int) sdl-mixer.cpp:191
    #11 0x104109c43 in outputCallback+0x1ac (libSDL2-2.0.0.dylib:x86_64+0xe2c43)
    #12 0x7ff820b66fe7 in ClientAudioQueue::CallOutputCallback(AudioQueueBuffer*)+0x11d (AudioToolbox:x86_64+0x45fe7)
    #13 0x7ff820b4fa03 in ClientAudioQueue::FetchAndDeliverPendingCallbacks(unsigned int)+0x33b (AudioToolbox:x86_64+0x2ea03)
    #14 0x7ff820b4f64d in _XCallbackNotificationsAvailable+0xa3 (AudioToolbox:x86_64+0x2e64d)
    #15 0x7ff81fab3a8d in mshMIGPerform+0xeb (libAudioToolboxUtility.dylib:x86_64+0xea8d)
    #16 0x7ff8131ef923 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__+0x28 (CoreFoundation:x86_64h+0x80923)
    #17 0x7ff8131ef803 in __CFRunLoopDoSource1+0x26a (CoreFoundation:x86_64h+0x80803)
    #18 0x7ff8131ede6a in __CFRunLoopRun+0x96e (CoreFoundation:x86_64h+0x7ee6a)
    #19 0x7ff8131ece3b in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7de3b)
    #20 0x10410973c in audioqueue_thread+0x43e (libSDL2-2.0.0.dylib:x86_64+0xe273c)
    #21 0x10408d986 in SDL_RunThread+0x2b (libSDL2-2.0.0.dylib:x86_64+0x66986)
    #22 0x1040fc7f2 in RunThread+0x8 (libSDL2-2.0.0.dylib:x86_64+0xd57f2)
    #23 0x7ff8131284e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0)
    #24 0x7ff813123f6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a)

0x60600048bc12 is located 18 bytes inside of 58-byte region [0x60600048bc00,0x60600048bc3a)
freed by thread T0 here:
    #0 0x1048bb72d in wrap__ZdaPv+0x7d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5c72d)
    #1 0x10246a7a6 in Scumm::ResourceManager::Resource::nuke() resource.cpp:888
    #2 0x1024655af in Scumm::ResourceManager::nukeResource(Scumm::ResType, unsigned short) resource.cpp:934
    #3 0x10246a2f6 in Scumm::ResourceManager::expireResources(unsigned int) resource.cpp:1107
    #4 0x102467e54 in Scumm::ResourceManager::createResource(Scumm::ResType, unsigned short, unsigned int) resource.cpp:858
    #5 0x10246d253 in Scumm::ScummEngine::loadPtrToResource(Scumm::ResType, unsigned short, unsigned char const*) resource.cpp:1154
    #6 0x1025146ee in Scumm::ScummEngine_v5::o5_verbOps() script_v5.cpp:2919
    #7 0x1022add70 in Common::Functor0Mem<void, Scumm::ScummEngine_v70he>::operator()() const func.h:397
    #8 0x102554ac1 in Scumm::ScummEngine::executeOpcode(unsigned char) script.cpp:492
    #9 0x1025545df in Scumm::ScummEngine::executeScript() script.cpp:485
    #10 0x10254fe2e in Scumm::ScummEngine::runScriptNested(int) script.cpp:337
    #11 0x10254ecf3 in Scumm::ScummEngine::runScript(int, bool, bool, int*, int) script.cpp:89
    #12 0x1024f7d49 in Scumm::ScummEngine_v5::o5_startScript() script_v5.cpp:2790
    #13 0x1022add70 in Common::Functor0Mem<void, Scumm::ScummEngine_v70he>::operator()() const func.h:397
    #14 0x102554ac1 in Scumm::ScummEngine::executeOpcode(unsigned char) script.cpp:492
    #15 0x1025545df in Scumm::ScummEngine::executeScript() script.cpp:485
    #16 0x10254fe2e in Scumm::ScummEngine::runScriptNested(int) script.cpp:337
    #17 0x10254ecf3 in Scumm::ScummEngine::runScript(int, bool, bool, int*, int) script.cpp:89
    #18 0x1025679f1 in Scumm::ScummEngine::endCutscene() script.cpp:1623
    #19 0x102519a7c in Scumm::ScummEngine_v5::o5_endCutscene() script_v5.cpp:946
    #20 0x1022add70 in Common::Functor0Mem<void, Scumm::ScummEngine_v70he>::operator()() const func.h:397
    #21 0x102554ac1 in Scumm::ScummEngine::executeOpcode(unsigned char) script.cpp:492
    #22 0x1025545df in Scumm::ScummEngine::executeScript() script.cpp:485
    #23 0x10255be78 in Scumm::ScummEngine::runAllScripts() script.cpp:956
    #24 0x10259ec06 in Scumm::ScummEngine::scummLoop(int) scumm.cpp:2526
    #25 0x10259c162 in Scumm::ScummEngine::go() scumm.cpp:2289
    #26 0x1025abb2d in Scumm::ScummEngine::run() scumm.h:510
    #27 0x1020cce76 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:318
    #28 0x1020c7da8 in scummvm_main main.cpp:619
    #29 0x1020bce7d in main macosx-main.cpp:44

previously allocated by thread T0 here:
    #0 0x1048bb31d in wrap__Znam+0x7d (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x5c31d)
    #1 0x102467e67 in Scumm::ResourceManager::createResource(Scumm::ResType, unsigned short, unsigned int) resource.cpp:860
    #2 0x1025cc748 in Scumm::ScummEngine::readSoundResourceSmallHeader(unsigned short) sound.cpp:2479
    #3 0x102467039 in Scumm::ScummEngine::loadResource(Scumm::ResType, unsigned short) resource.cpp:691
    #4 0x102465caa in Scumm::ScummEngine::ensureResourceLoaded(Scumm::ResType, unsigned short) resource.cpp:637
    #5 0x1025b25d8 in Scumm::Sound::addSoundToQueue(int, int, int, int, int, int, int) sound.cpp:212
    #6 0x1024fef3d in Scumm::ScummEngine_v5::o5_startSound() script_v5.cpp:2656
    #7 0x1022add70 in Common::Functor0Mem<void, Scumm::ScummEngine_v70he>::operator()() const func.h:397
    #8 0x102554ac1 in Scumm::ScummEngine::executeOpcode(unsigned char) script.cpp:492
    #9 0x1025545df in Scumm::ScummEngine::executeScript() script.cpp:485
    #10 0x10255be78 in Scumm::ScummEngine::runAllScripts() script.cpp:956
    #11 0x10259ec06 in Scumm::ScummEngine::scummLoop(int) scumm.cpp:2526
    #12 0x10259c162 in Scumm::ScummEngine::go() scumm.cpp:2289
    #13 0x1025abb2d in Scumm::ScummEngine::run() scumm.h:510
    #14 0x1020cce76 in runGame(Plugin const*, Plugin const*, OSystem&, Common::String const&) main.cpp:318
    #15 0x1020c7da8 in scummvm_main main.cpp:619
    #16 0x1020bce7d in main macosx-main.cpp:44
    #17 0x1094ee52d in start+0x1cd (dyld:x86_64+0x552d)

Thread T6 created by T0 here:
    #0 0x1048a399c in wrap_pthread_create+0x5c (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x4499c)
    #1 0x1040fc7b7 in SDL_SYS_CreateThread+0x90 (libSDL2-2.0.0.dylib:x86_64+0xd57b7)
    #2 0x10408da56 in SDL_CreateThreadWithStackSize_REAL+0x6f (libSDL2-2.0.0.dylib:x86_64+0x66a56)
    #3 0x104108ee7 in COREAUDIO_OpenDevice+0x1d9 (libSDL2-2.0.0.dylib:x86_64+0xe1ee7)
    #4 0x104033888 in open_audio_device+0x62f (libSDL2-2.0.0.dylib:x86_64+0xc888)
    #5 0x104033204 in SDL_OpenAudio_REAL+0x6c (libSDL2-2.0.0.dylib:x86_64+0xc204)
    #6 0x102ab1b99 in SdlMixerManager::init() sdl-mixer.cpp:72
    #7 0x1020a3742 in OSystem_SDL::initBackend() sdl.cpp:284
    #8 0x1020b9307 in OSystem_POSIX::initBackend() posix.cpp:92
    #9 0x1020bdb71 in OSystem_MacOSX::initBackend() macosx.cpp:121
    #10 0x1020c75dc in scummvm_main main.cpp:501
    #11 0x1020bce7d in main macosx-main.cpp:44
    #12 0x1094ee52d in start+0x1cd (dyld:x86_64+0x552d)

SUMMARY: AddressSanitizer: heap-use-after-free player_ad.cpp:946 in Scumm::Player_AD::updateSlot(Scumm::Player_AD::Channel*)
Shadow bytes around the buggy address:
  0x1c0c00091730: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c0c00091740: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c0c00091750: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x1c0c00091760: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c0c00091770: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
=>0x1c0c00091780: fd fd[fd]fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x1c0c00091790: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c0c000917a0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c0c000917b0: fd fd fd fd fd fd fd fd fa fa fa fa fd fd fd fd
  0x1c0c000917c0: fd fd fd fd fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c0c000917d0: fa fa fa fa fd fd fd fd fd fd fd fd fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==4807==ABORTING
Abort trap: 6