
[crash][macos] stack-use-after-scope crash when right-clicking an ostrich in mission 1 #163

Open
Amlor opened this issue Dec 24, 2024 · 1 comment
Labels
bug Something isn't working

Comments

@Amlor

Amlor commented Dec 24, 2024

==3210==ERROR: AddressSanitizer: stack-use-after-scope on address 0x00016d089720 at pc 0x0001088c3510 bp 0x00016d088dd0 sp 0x00016d088560
READ of size 1 at 0x00016d089720 thread T0
    #0 0x1088c350c in printf_common(void*, char const*, char*)+0x834 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x2350c)
    #1 0x1088c38dc in vsnprintf+0xac (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x238dc)
    #2 0x1088c4464 in snprintf+0x50 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x24464)
    #3 0x10301c4f4 in bstring<64ul>::concat(char const*) bstring.h:53
    #4 0x10301c4ac in bstring<64ul>::bstring(char const*) bstring.h:44
    #5 0x103017c60 in bstring<64ul>::bstring(char const*) bstring.h:44
    #6 0x103238ebc in figure_impl::get_sound_reaction(xstring) const figure.cpp:295
    #7 0x103259190 in figure::figure_phrase_determine() figure_phrase.cpp:167
    #8 0x1032595a8 in figure::figure_phrase_play() figure_phrase.cpp:214
    #9 0x10383092c in figure_info_window::play_figure_phrase(object_info&) window_figure_info.cpp:84
    #10 0x103831fb4 in figure_info_window::init(object_info&) window_figure_info.cpp:147
    #11 0x1038a3b30 in window_info_init(map_point, bool) window_info.cpp:209
    #12 0x1038a1c6c in window_info_show(map_point const&, bool) window_info.cpp:294
    #13 0x10357d5c8 in handle_mouse(mouse const*) widget_city.cpp:551
    #14 0x10357c210 in widget_city_handle_input(mouse const*, hotkeys const*) widget_city.cpp:568
    #15 0x1037ce9d4 in window_city_handle_input(mouse const*, hotkeys const*) window_city.cpp:230
    #16 0x103389014 in game_handle_input_frame() game.cpp:641
    #17 0x102d789ec in run_and_draw() akhenaten.cpp:447
    #18 0x102d78f38 in main_loop() akhenaten.cpp:617
    #19 0x102d783ec in main akhenaten.cpp:641
    #20 0x197f9c270  (<unknown module>)

Address 0x00016d089720 is located in stack of thread T0 at offset 32 in frame
    #0 0x103238cfc in figure_impl::get_sound_reaction(xstring) const figure.cpp:293

  This frame has 2 object(s):
    [32, 96) 'ref.tmp' (line 294) <== Memory access at offset 32 is inside this variable
    [128, 136) 'agg.tmp'
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-scope (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x2350c) in printf_common(void*, char const*, char*)+0x834
Shadow bytes around the buggy address:
  0x00016d089480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00016d089700: f1 f1 f1 f1[f8]f8 f8 f8 f8 f8 f8 f8 f2 f2 f2 f2
  0x00016d089780: 00 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d089880: 00 00 00 00 f1 f1 f1 f1 f8 f8 f8 f8 f8 f8 f8 f8
  0x00016d089900: f8 f8 f8 f2 f2 f2 f2 f2 00 f2 f2 f2 00 00 f2 f2
  0x00016d089980: f8 f2 f2 f2 00 00 00 00 00 00 00 00 f2 f2 f2 f2
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==3210==ABORTING

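For readers triaging this report: the frame summary above says the read inside `snprintf` lands in `ref.tmp`, which is clang's name for a materialized temporary, created at figure.cpp:294 and already out of scope by the `bstring` construction at line 295. The following is an added example, not code from the Akhenaten project, illustrating that general pattern with hypothetical types (`SmallString`, `make_key`, `reaction_buggy`, `reaction_fixed`): a pointer taken from a temporary's buffer survives the full-expression that owned the temporary, and the next line reads a dead stack object. The fixed variant keeps the temporary alive by naming it.

```cpp
#include <cassert>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical fixed-capacity stack string, a stand-in for the small string
// type seen in the trace. Its buffer lives inside the object, so a dangling
// c_str() pointer points into a dead stack frame slot, not into the heap.
struct SmallString {
    char data[64];
    SmallString() { data[0] = '\0'; }
    explicit SmallString(const char* s) { std::snprintf(data, sizeof data, "%s", s); }
    const char* c_str() const { return data; }
};

// Builds a key such as "ostrich_1" and returns it by value (a temporary at the call site).
SmallString make_key(const char* prefix, int id) {
    SmallString s;
    std::snprintf(s.data, sizeof s.data, "%s_%d", prefix, id);
    return s;
}

// BUGGY: the temporary returned by make_key() is destroyed at the end of the
// full-expression on the first line, so `p` dangles. The read on the second
// line is exactly what AddressSanitizer reports as stack-use-after-scope
// (shadow byte f8). Undefined behaviour; shown only for illustration and
// never called below.
std::string reaction_buggy(const char* prefix, int id) {
    const char* p = make_key(prefix, id).c_str();  // temporary dies here
    return std::string(p);                         // read of an out-of-scope object
}

// FIXED: bind the result to a named local so it lives for the whole scope,
// then take the pointer from that local.
std::string reaction_fixed(const char* prefix, int id) {
    SmallString key = make_key(prefix, id);
    return std::string(key.c_str());
}

// Using the temporary within the same full-expression is fine: it is still alive.
int key_matches(const char* prefix, int id, const char* expected) {
    return std::strcmp(make_key(prefix, id).c_str(), expected) == 0;
}

int main() {
    std::printf("%s\n", reaction_fixed("ostrich", 1).c_str());
    return 0;
}
```

To reproduce a report shaped like the one in this issue, compile with `clang++ -fsanitize=address -g` and call `reaction_buggy`; clang's use-after-scope instrumentation (enabled by default with ASan) poisons the temporary's slot as soon as the full-expression ends. Note that without ASan the buggy version usually "works" because nothing has overwritten the dead bytes yet, which is consistent with a crash appearing on one platform and not another.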

@Amlor Amlor added the bug Something isn't working label Dec 24, 2024
@Amlor
Author

Amlor commented Dec 27, 2024

On Linux flatpak, the crash does not occur.
