@Milek7

Milek7/crash Secret

Created May 12, 2021 19:08
=================================================================
==26627==ERROR: AddressSanitizer: heap-use-after-free on address 0x616000625ebc at pc 0x564324118f3e bp 0x7fd73266c7d0 sp 0x7fd73266c7c0
READ of size 4 at 0x616000625ebc thread T34 (ottd:game)
#0 0x564324118f3d in ReplaceChain(Vehicle**, DoCommandFlag, bool, bool*) (/home/milek7/ottd3/build/openttd+0xc46f3d)
#1 0x56432411c07c in CmdAutoreplaceVehicle(unsigned int, DoCommandFlag, unsigned int, unsigned int, char const*) (/home/milek7/ottd3/build/openttd+0xc4a07c)
#2 0x5643241792de in DoCommand(unsigned int, unsigned int, unsigned int, DoCommandFlag, unsigned int, char const*) (/home/milek7/ottd3/build/openttd+0xca72de)
#3 0x5643248da087 in CallVehicleTicks() (/home/milek7/ottd3/build/openttd+0x1408087)
#4 0x56432454ec86 in StateGameLoop() (/home/milek7/ottd3/build/openttd+0x107cc86)
#5 0x564323eb960e in ClientNetworkGameSocketHandler::GameLoop() (/home/milek7/ottd3/build/openttd+0x9e760e)
#6 0x564323ea347c in NetworkGameLoop() (/home/milek7/ottd3/build/openttd+0x9d147c)
#7 0x564324557474 in GameLoop() (/home/milek7/ottd3/build/openttd+0x1085474)
#8 0x5643240dcad2 in VideoDriver::GameLoop() (/home/milek7/ottd3/build/openttd+0xc0aad2)
#9 0x5643240dd307 in VideoDriver::GameThread() (/home/milek7/ottd3/build/openttd+0xc0b307)
#10 0x5643240dfd77 in std::thread::_State_impl<std::thread::_Invoker<std::tuple<StartNewThread<void (*)(VideoDriver*), VideoDriver*>(std::thread*, char const*, void (*&&)(VideoDriver*), VideoDriver*&&)::{lambda(char const*, void (*&&)(VideoDriver*), VideoDriver*&&)#1}, char const*, void (*)(VideoDriver*), VideoDriver*> > >::_M_run() (/home/milek7/ottd3/build/openttd+0xc0dd77)
#11 0x7fd79222d5f3 in execute_native_thread_routine /home/milek7/gcc-git/src/gcc/libstdc++-v3/src/c++11/thread.cc:82
#12 0x7fd792393298 in start_thread (/usr/lib/libpthread.so.0+0x9298)
#13 0x7fd791f18052 in __GI___clone (/usr/lib/libc.so.6+0xff052)
0x616000625ebc is located 60 bytes inside of 568-byte region [0x616000625e80,0x6160006260b8)
freed by thread T34 (ottd:game) here:
#0 0x7fd794a1ccb9 in __interceptor_free /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:127
#1 0x564324021eff in Pool<Vehicle, unsigned int, 512ul, 1044480ul, (PoolType)1, false, true>::PoolItem<&_vehicle_pool>::operator delete(void*) (/home/milek7/ottd3/build/openttd+0xb4feff)
previously allocated by thread T34 (ottd:game) here:
#0 0x7fd794a1d229 in __interceptor_calloc /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_malloc_linux.cpp:154
#1 0x5643248c5e22 in Pool<Vehicle, unsigned int, 512ul, 1044480ul, (PoolType)1, false, true>::GetNew(unsigned long) (/home/milek7/ottd3/build/openttd+0x13f3e22)
Thread T34 (ottd:game) created by T0 here:
#0 0x7fd794983907 in __interceptor_pthread_create /home/milek7/gcc-git/src/gcc/libsanitizer/asan/asan_interceptors.cpp:216
#1 0x7fd79222d8ea in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) /home/milek7/gcc-git/src/gcc-build/x86_64-pc-linux-gnu/libstdc++-v3/include/x86_64-pc-linux-gnu/bits/gthr-default.h:663
#2 0x564324b2b367 (/home/milek7/ottd3/build/openttd+0x1659367)
SUMMARY: AddressSanitizer: heap-use-after-free (/home/milek7/ottd3/build/openttd+0xc46f3d) in ReplaceChain(Vehicle**, DoCommandFlag, bool, bool*)
Shadow bytes around the buggy address:
0x0c2c800bcb80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c800bcb90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c800bcba0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c800bcbb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2c800bcbc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c2c800bcbd0: fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd fd fd
0x0c2c800bcbe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c800bcbf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c800bcc00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2c800bcc10: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
0x0c2c800bcc20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
Shadow gap: cc
==26627==ABORTING