id,summary,reporter,owner,description,type,status,priority,component,version,resolution,keywords,cc,game 13908,SCUMM: INDY3 (MAC): ASAN crash in Player_V2Base::next_freqs() in Castle Brunwald,dwatteau,eriktorbjorn,"Building yesterday's Git HEAD with `--enable-optimizations --enable-debug --enable-asan` on macOS with clang++ 14.0.0. This is the Macintosh 16-color version of Indy3. With ASAN enabled, the game always crashes when arriving at Castle Brunwald: {{{ ==12520==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00011029f722 at pc 0x00010f799d18 bp 0x700004034650 sp 0x700004034648 READ of size 1 at 0x00011029f722 thread T6 #0 0x10f799d17 in Scumm::Player_V2Base::next_freqs(Scumm::Player_V2Base::ChannelInfo*) player_v2base.cpp:607 #1 0x10f799f39 in Scumm::Player_V2Base::nextTick() player_v2base.cpp:649 #2 0x10f7747ea in Scumm::Player_V2::readBuffer(short*, int) player_v2.cpp:174 #3 0x1100c8585 in Audio::CopyRateConverter::flow(Audio::AudioStream&, short*, unsigned int, unsigned short, unsigned short) rate.cpp:314 #4 0x1100be10d in Audio::Channel::mix(short*, unsigned int) mixer.cpp:648 #5 0x1100bdd7c in Audio::MixerImpl::mixCallback(unsigned char*, unsigned int) mixer.cpp:301 #6 0x111157c43 in outputCallback+0x1ac (libSDL2-2.0.0.dylib:x86_64+0xe2c43) #7 0x7ff80e7b1fe7 in ClientAudioQueue::CallOutputCallback(AudioQueueBuffer*)+0x11d (AudioToolbox:x86_64+0x45fe7) #8 0x7ff80e79aa03 in ClientAudioQueue::FetchAndDeliverPendingCallbacks(unsigned int)+0x33b (AudioToolbox:x86_64+0x2ea03) #9 0x7ff80e79a64d in _XCallbackNotificationsAvailable+0xa3 (AudioToolbox:x86_64+0x2e64d) #10 0x7ff80d6fea8d in mshMIGPerform+0xeb (libAudioToolboxUtility.dylib:x86_64+0xea8d) #11 0x7ff800e3a923 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__+0x28 (CoreFoundation:x86_64h+0x80923) #12 0x7ff800e3a803 in __CFRunLoopDoSource1+0x26a (CoreFoundation:x86_64h+0x80803) #13 0x7ff800e38e6a in __CFRunLoopRun+0x96e (CoreFoundation:x86_64h+0x7ee6a) #14 0x7ff800e37e3b in CFRunLoopRunSpecific+0x231 (CoreFoundation:x86_64h+0x7de3b) #15 0x11115773c in audioqueue_thread+0x43e (libSDL2-2.0.0.dylib:x86_64+0xe273c) #16 0x1110db986 in SDL_RunThread+0x2b (libSDL2-2.0.0.dylib:x86_64+0x66986) #17 0x11114a7f2 in RunThread+0x8 (libSDL2-2.0.0.dylib:x86_64+0xd57f2) #18 0x7ff800d734e0 in _pthread_start+0x7c (libsystem_pthread.dylib:x86_64+0x64e0) #19 0x7ff800d6ef6a in thread_start+0xe (libsystem_pthread.dylib:x86_64+0x1f6a) }}} Full ASAN log attached. How to reproduce: 1. Build with ASAN. 2. Load the attached savegame, and wait for Indy and Elsa to arrive in front of Castle Brunwald.",defect,closed,high,Engine: SCUMM,,fixed,"asan,crash,castle brunwald,macintosh",,Indiana Jones 3