pjasicek / OpenClaw

Reimplementation of Captain Claw (1997) platformer
GNU General Public License v3.0
338 stars 39 forks

Segmentation fault (use after free) in AnimationComponent::OnAnimationFrameChanged #138

Closed jstasiak closed 4 years ago

jstasiak commented 5 years ago

System: Mac OS 10.13.6
Libraries versions: latest stable versions installed from Homebrew
OpenClaw version: 150f7edb7542
Configuration: default

How to reproduce this: play level 2, sooner or later the game crashes (I see no clear crash pattern, except that I think Claw needs to die at least once for this to happen).

I built the game with Clang AddressSanitizer and this is the information I get (should be more useful than just a stack trace):

% ./openclaw 
2019-03-30 00:16:53.292 openclaw[66995:33229299] INFO: Looking for: /Users/user/.config/openclaw/config.xml
2019-03-30 00:16:53.293 openclaw[66995:33229299] INFO: Expecting config.xml in path: config.xml
2019-03-30 00:16:53.293 openclaw[66995:33229299] INFO: Loaded with:
    Config File: config.xml
    Saves File: SAVES.XML
2019-03-30 00:16:53.294 openclaw[66995:33229299] INFO: >>>>> Initializing display...
2019-03-30 00:16:54.912 openclaw[66995:33229299] INFO: Display successfully initialized.
2019-03-30 00:16:54.912 openclaw[66995:33229299] INFO: >>>>> Initializing audio...
2019-03-30 00:16:54.947 openclaw[66995:33229299] INFO: Audio successfully initialized.
2019-03-30 00:16:54.948 openclaw[66995:33229299] INFO: >>>>> Initializing font...
2019-03-30 00:16:54.952 openclaw[66995:33229299] INFO: Font successfully initialized...
2019-03-30 00:16:54.952 openclaw[66995:33229299] INFO: >>>>> Initializing resource cache...
2019-03-30 00:16:55.185 openclaw[66995:33229299] INFO: Resource cache successfully initialized
2019-03-30 00:16:55.185 openclaw[66995:33229299] INFO: >>>>> Loading actor prototypes...
2019-03-30 00:16:55.212 openclaw[66995:33229299] INFO: Actor prototypes loaded successfully.
2019-03-30 00:16:55.220 openclaw[66995:33229299] INFO: "/level_metadata/level1.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.220 openclaw[66995:33229299] INFO: "/level_metadata/level10.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.221 openclaw[66995:33229299] INFO: "/level_metadata/level2.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.221 openclaw[66995:33229299] INFO: "/level_metadata/level3.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.221 openclaw[66995:33229299] INFO: "/level_metadata/level4.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.221 openclaw[66995:33229299] INFO: "/level_metadata/level5.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.221 openclaw[66995:33229299] INFO: "/level_metadata/level6.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.222 openclaw[66995:33229299] INFO: "/level_metadata/level7.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.222 openclaw[66995:33229299] INFO: "/level_metadata/level8.xml": level metadata file successfully loaded.
2019-03-30 00:16:55.222 openclaw[66995:33229299] INFO: "/level_metadata/level9.xml": level metadata file successfully loaded.
2019-03-30 00:16:57.201 openclaw[66995:33229299] INFO: Changing to: 3
2019-03-30 00:16:59.505 openclaw[66995:33229299] ERROR: [MEMORY_PROFILER] Memory profiler not supported on this platform !
2019-03-30 00:17:00.132 openclaw[66995:33229299] WARN: [WwdObjectToXml] Unknown logic: GooCoverup
[WWD->XML]: Elapsed microseconds: 167763
[PLANE CREATION]: Elapsed microseconds: 569
[PLANE CREATION]: Elapsed microseconds: 33176
[PLANE CREATION]: Elapsed microseconds: 1231
2019-03-30 00:17:00.464 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Level2_PunkRat with position: [X: 4917.000000, Y: 3690.000195]
2019-03-30 00:17:00.753 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Level2_PunkRat with position: [X: 18342.000000, Y: 2100.000035]
2019-03-30 00:17:01.548 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultRight intersection for actor: Officer with position: [X: 18663.000000, Y: 1774.000000]
2019-03-30 00:17:01.623 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Officer with position: [X: 4806.000000, Y: 3694.000000]
2019-03-30 00:17:01.680 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Soldier with position: [X: 5026.000000, Y: 3690.000000]
2019-03-30 00:17:01.715 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Soldier with position: [X: 11383.000000, Y: 2735.000000]
2019-03-30 00:17:01.938 openclaw[66995:33229299] WARN: [CalculatePatrolBorders] Did not find raycastResultLeft intersection for actor: Officer with position: [X: 11204.000000, Y: 2733.000000]
2019-03-30 00:17:02.707 openclaw[66995:33229299] INFO: Level loaded !
2019-03-30 00:17:02.707 openclaw[66995:33229299] INFO: Level name: Claw - Level 2
2019-03-30 00:17:02.707 openclaw[66995:33229299] INFO: Level author: Monolith Productions, Inc.
2019-03-30 00:17:02.707 openclaw[66995:33229299] INFO: Level created date: July 2, 1997
2019-03-30 00:17:02.707 openclaw[66995:33229299] INFO: Loading startup ingame commands...
[GAME LOADING]: Elapsed microseconds: 3237635
2019-03-30 00:17:02.742 openclaw[66995:33229299] INFO: Changing to: 4
2019-03-30 00:17:02.742 openclaw[66995:33229299] INFO: Aborting event processing; time ran out
2019-03-30 00:17:02.742 openclaw[66995:33229299] INFO: Changing to: 5
2019-03-30 00:17:02.766 openclaw[66995:33229299] ERROR: [AmmoUpdatedDelegate] Unknown ammo type: 1
2019-03-30 00:17:02.766 openclaw[66995:33229299] ERROR: [AmmoUpdatedDelegate] Unknown ammo type: 2
=================================================================
==66995==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120001215a0 at pc 0x00010ad3f21a bp 0x7ffee4f87610 sp 0x7ffee4f87608
READ of size 8 at 0x6120001215a0 thread T0
    #0 0x10ad3f219 in AnimationComponent::OnAnimationFrameChanged(AnimationFrame*, AnimationFrame*) AnimationComponent.cpp:423
    #1 0x10ad490bf in Animation::SetNextFrame() Animation.cpp:280
    #2 0x10acba0c7 in Actor::Update(unsigned int) Actor.cpp:68
    #3 0x10aee8d52 in BaseGameLogic::VOnUpdate(unsigned int) BaseGameLogic.cpp:851
    #4 0x10aeafdfc in BaseGameApp::Run() BaseGameApp.cpp:219
    #5 0x10af0c7e7 in RunGameEngine(int, char**) MainLoop.cpp:68
    #6 0x7fff5d988014 in start (libdyld.dylib:x86_64+0x1014)

0x6120001215a0 is located 96 bytes inside of 288-byte region [0x612000121540,0x612000121660)
freed by thread T0 here:
    #0 0x10b7a4582 in wrap__ZdlPv (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x63582)
    #1 0x10ac9eb30 in std::__1::__tree<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::__map_value_compare<unsigned int, std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::less<unsigned int>, true>, std::__1::allocator<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, void*>*) memory:3490
    #2 0x10ac9eaa0 in std::__1::__tree<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::__map_value_compare<unsigned int, std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::less<unsigned int>, true>, std::__1::allocator<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, void*>*) __tree:1830
    #3 0x10ac9eac3 in std::__1::__tree<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::__map_value_compare<unsigned int, std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::less<unsigned int>, true>, std::__1::allocator<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, void*>*) __tree:1831
    #4 0x10ac9eac3 in std::__1::__tree<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::__map_value_compare<unsigned int, std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, std::__1::less<unsigned int>, true>, std::__1::allocator<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> > > >::destroy(std::__1::__tree_node<std::__1::__value_type<unsigned int, std::__1::shared_ptr<ActorComponent> >, void*>*) __tree:1831
    #5 0x10acb9f6f in Actor::Destroy() __tree:1870
    #6 0x10aee7ea5 in BaseGameLogic::VDestroyActor(unsigned int) BaseGameLogic.cpp:703
    #7 0x10aeec9db in BaseGameLogic::RequestDestroyActorDelegate(std::__1::shared_ptr<IEventData>) BaseGameLogic.cpp:940
    #8 0x10ae8edf0 in EventMgr::VUpdate(unsigned long) FastDelegate.h:991
    #9 0x10aeafdab in BaseGameApp::Run() BaseGameApp.cpp:218
    #10 0x10af0c7e7 in RunGameEngine(int, char**) MainLoop.cpp:68
    #11 0x7fff5d988014 in start (libdyld.dylib:x86_64+0x1014)

previously allocated by thread T0 here:
    #0 0x10b7a3fa2 in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64h+0x62fa2)
    #1 0x10acd1c80 in ActorComponent* GenericObjectCreationFunction<ActorComponent, PunkRatAIStateComponent>() Interfaces.h:648
    #2 0x10accf884 in ActorFactory::VCreateComponent(TiXmlElement*) Interfaces.h:688
    #3 0x10acccb28 in ActorFactory::CreateActor(TiXmlElement*, TiXmlElement*) ActorFactory.cpp:152
    #4 0x10aee7821 in BaseGameLogic::VCreateActor(TiXmlElement*, TiXmlElement*) BaseGameLogic.cpp:679
    #5 0x10aec77b2 in BaseGameLogic::VLoadGame(char const*) BaseGameLogic.cpp:322
    #6 0x10aeea171 in BaseGameLogic::VChangeState(GameState) BaseGameLogic.cpp:885
    #7 0x10afe6f4c in HumanView::LoadGameDelegate(std::__1::shared_ptr<IEventData>) HumanView.cpp:725
    #8 0x10ae8edf0 in EventMgr::VUpdate(unsigned long) FastDelegate.h:991
    #9 0x10aeafdab in BaseGameApp::Run() BaseGameApp.cpp:218
    #10 0x10af0c7e7 in RunGameEngine(int, char**) MainLoop.cpp:68
    #11 0x7fff5d988014 in start (libdyld.dylib:x86_64+0x1014)

SUMMARY: AddressSanitizer: heap-use-after-free AnimationComponent.cpp:423 in AnimationComponent::OnAnimationFrameChanged(AnimationFrame*, AnimationFrame*)
Shadow bytes around the buggy address:
  0x1c2400024260: 00 00 00 fc fc fc fc fc fc fc fc fc fa fa fa fa
  0x1c2400024270: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x1c2400024280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x1c2400024290: 00 00 00 fc fc fc fc fc fc fc fc fc fa fa fa fa
  0x1c24000242a0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x1c24000242b0: fd fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd
  0x1c24000242c0: fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa
  0x1c24000242d0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c24000242e0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c24000242f0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x1c2400024300: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==66995==ABORTING
zsh: abort      ./openclaw
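The three stacks in the report above describe a component allocated for an actor, freed when Actor::Destroy() cleared the actor's component map during event processing, and then dereferenced by the animation's frame-changed callback on the next tick. As an added example, not code from this report or from OpenClaw, the following constructed C++ model shows that observer pattern beside a hardened form that holds the observer as a std::weak_ptr; Component, RawAnimation, SafeAnimation and Actor are hypothetical names standing in for the project's classes.

```cpp
#include <map>
#include <memory>
#include <utility>

// Constructed model of the ASan report above; not OpenClaw code.
struct Component {
    int framesSeen = 0;
    void OnAnimationFrameChanged() { ++framesSeen; }  // the READ at line 423 in the report
};

// Unsafe shape: raw observer pointer that nothing clears when the owning Actor
// frees the component. Ticking it after Actor::Destroy() is the heap-use-after-free
// ASan flagged; kept for contrast and deliberately never called here.
struct RawAnimation {
    Component* observer = nullptr;
    void SetNextFrame() { if (observer) observer->OnAnimationFrameChanged(); }
};

// Hardened shape: weak_ptr observer, locked on every notification, so a freed
// component is skipped instead of dereferenced.
struct SafeAnimation {
    std::weak_ptr<Component> observer;
    bool SetNextFrame() {  // false once the observer is gone, so the caller can detach it
        if (auto c = observer.lock()) { c->OnAnimationFrameChanged(); return true; }
        return false;
    }
};

// Owner of the components, mirroring the map<unsigned, shared_ptr<ActorComponent>>
// whose destruction appears in the "freed by" stack of the report.
struct Actor {
    std::map<unsigned, std::shared_ptr<Component>> components;
    void Destroy() { components.clear(); }  // last shared_ptr dropped: component freed
};

// Replays the reported sequence against the hardened animation: tick while alive,
// destroy the actor (the RequestDestroyActor path), tick again.
// Returns {notified before destroy, notified after destroy}.
std::pair<bool, bool> ReplayHardened() {
    Actor actor;
    auto comp = std::make_shared<Component>();
    actor.components[1] = comp;
    SafeAnimation anim;
    anim.observer = comp;
    comp.reset();                       // only the Actor owns the component now
    bool before = anim.SetNextFrame();  // true: observer alive
    actor.Destroy();
    bool after = anim.SetNextFrame();   // false: observer expired, no dangling access
    return {before, after};
}
```

Building the real game with -fsanitize=address, as the reporter did, is what turns the unsafe shape into the precise allocation/free/use triple shown above; the weak_ptr form makes the stale-observer case a skipped notification rather than a crash.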

pjasicek commented 5 years ago

Hopefully this will fix it:

https://github.com/pjasicek/OpenClaw/commit/dbf29c016f16b7d496cf57b7dc0a8cac3e0ff96d

jstasiak commented 5 years ago

Hmm, sadly it doesn't. I managed to narrow it down though – killing a cannon rat reproduces this.