Executing AudioStreamMP3.set_data crashes Godot #78414

Closed
Tracked by #76797
qarmin opened this issue Jun 18, 2023 · 2 comments


qarmin commented Jun 18, 2023

Godot version

4.1.beta.custom_build. a83eb16

System information

Ubuntu 22.04 CI

Issue description

When executing

```gdscript
extends Node

func _process(delta):
	var temp_variable4159 = AudioStreamMP3.new()
	temp_variable4159.set_loop_offset(-59.8713487386703)
	# Empty method name: the Callable/connect errors in the log below come from this line.
	temp_variable4159.connect(StringName(""), Callable(BoxMesh.new(),""), 89)
	# 25 arbitrary bytes (not a valid MP3 stream): this call triggers the overflow in the log below.
	temp_variable4159.set_data(PackedByteArray([239, 34, 206, 191, 246, 208, 97, 192, 89, 248, 169, 77, 185, 44, 47, 253, 22, 36, 218, 195, 78, 83, 158, 202, 91]))
```

Godot crashes:

```text
 ######################## Ending test ########################
ERROR: Method argument to Callable constructor must be a non-empty string
   at: Callable (core/variant/callable.cpp:341)
ERROR: Cannot connect to '': the provided callable is null.
   at: connect (core/object/object.cpp:1255)
=================================================================
==18062==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd8c9615c0 at pc 0x7f36b9671c23 bp 0x7ffd8c95e850 sp 0x7ffd8c95dff8
WRITE of size 16064 at 0x7ffd8c9615c0 thread T0
    #0 0x7f36b9671c22 in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799
    #1 0x56149d9742c7 in mp3dec_ex_open_buf thirdparty/minimp3/minimp3_ex.h:681
    #2 0x56149d92c35c in AudioStreamMP3::set_data(Vector<unsigned char> const&) modules/minimp3/audio_stream_mp3.cpp:187
    #3 0x56149d94695d in void call_with_variant_args_helper<__UnexistingClass, Vector<unsigned char> const&, 0ul>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<unsigned char> const&), Variant const**, Callable::CallError&, IndexSequence<0ul>) core/variant/binder_common.h:303
    #4 0x56149d945499 in void call_with_variant_args_dv<__UnexistingClass, Vector<unsigned char> const&>(__UnexistingClass*, void (__UnexistingClass::*)(Vector<unsigned char> const&), Variant const**, int, Callable::CallError&, Vector<Variant> const&) core/variant/binder_common.h:450
    #5 0x56149d9439ec in MethodBindT<Vector<unsigned char> const&>::call(Object*, Variant const**, int, Callable::CallError&) const core/object/method_bind.h:331
    #6 0x5614b4aa1caa in Object::callp(StringName const&, Variant const**, int, Callable::CallError&) core/object/object.cpp:739
    #7 0x5614b3ece2e6 in Variant::callp(StringName const&, Variant const**, int, Variant&, Callable::CallError&) core/variant/variant_call.cpp:1174
    #8 0x56149bb9c8b9 in GDScriptFunction::call(GDScriptInstance*, Variant const**, int, Callable::CallError&, GDScriptFunction::CallState*) modules/gdscript/gdscript_vm.cpp:1662
    #9 0x56149b495acc in GDScriptInstance::callp(StringName const&, Variant const**, int, Callable::CallError&) modules/gdscript/gdscript.cpp:1791
    #10 0x5614a8ed8a50 in bool Node::_gdvirtual__process_call<false>(double) scene/main/node.h:318
    #11 0x5614a8e135d4 in Node::_notification(int) scene/main/node.cpp:56
    #12 0x56149a18e771 in Node::_notificationv(int, bool) scene/main/node.h:49
    #13 0x5614b4aa31fe in Object::notification(int, bool) core/object/object.cpp:796
    #14 0x5614a8fc69a1 in SceneTree::_process_group(SceneTree::ProcessGroup*, bool) scene/main/scene_tree.cpp:939
    #15 0x5614a8fc9efe in SceneTree::_process(bool) scene/main/scene_tree.cpp:1019
    #16 0x5614a8fb7e43 in SceneTree::process(double) scene/main/scene_tree.cpp:504
    #17 0x5614998423fa in Main::iteration() main/main.cpp:3420
    #18 0x56149957347b in OS_LinuxBSD::run() platform/linuxbsd/os_linuxbsd.cpp:912
    #19 0x56149954e9b7 in main platform/linuxbsd/godot_linuxbsd.cpp:74
    #20 0x7f36b8d1dd8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f)
    #21 0x7f36b8d1de3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f)
    #22 0x56149954e364 in _start (/home/runner/work/Qarminer/Qarminer/godot.linuxbsd.editor.dev.x86_64.san+0x3a3d5364)

Address 0x7ffd8c9615c0 is located in stack of thread T0 at offset 11488 in frame
    #0 0x56149d92c1c3 in AudioStreamMP3::set_data(Vector<unsigned char> const&) modules/minimp3/audio_stream_mp3.cpp:182

  This frame has 1 object(s):
    [32, 11488) 'mp3d' (line 186) <== Memory access at offset 11488 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799 in __interceptor_memset
```

This example was found by the Godot fuzzer - Qarminer, so it is quite unlikely that this code could be used in a real project, but still this should be handled gracefully.

Memory leaks or ASan backtraces are visible when using a Godot build with sanitizer support - https://github.com/qarmin/GodotBuilds/actions (linux -> linux-editor-sanitizers)

Steps to reproduce

Above

Minimal reproduction project

Above
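As a triage aid for reports like the one in this issue, here is an added example (not code from the issue or from Godot) that parses an AddressSanitizer stack-buffer-overflow report and extracts the access size, the overflowed stack object and the first frame outside the sanitizer runtime and vendored code. The sample input is the report above, trimmed; the `excess_bytes` arithmetic assumes the memset began at the start of `mp3d`, which the report itself does not state.

```python
import re
from dataclasses import dataclass, field
# Sample input: the AddressSanitizer report from the issue above, trimmed to the
# lines this parser needs; the full report parses the same way.
ASAN_REPORT = """\
==18062==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffd8c9615c0 at pc 0x7f36b9671c23 bp 0x7ffd8c95e850 sp 0x7ffd8c95dff8
WRITE of size 16064 at 0x7ffd8c9615c0 thread T0
    #0 0x7f36b9671c22 in __interceptor_memset ../../../../src/libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:799
    #1 0x56149d9742c7 in mp3dec_ex_open_buf thirdparty/minimp3/minimp3_ex.h:681
    #2 0x56149d92c35c in AudioStreamMP3::set_data(Vector<unsigned char> const&) modules/minimp3/audio_stream_mp3.cpp:187
Address 0x7ffd8c9615c0 is located in stack of thread T0 at offset 11488 in frame
    #0 0x56149d92c1c3 in AudioStreamMP3::set_data(Vector<unsigned char> const&) modules/minimp3/audio_stream_mp3.cpp:182
    [32, 11488) 'mp3d' (line 186) <== Memory access at offset 11488 overflows this variable
"""
HEADER_RE = re.compile(r"^==\d+==ERROR: AddressSanitizer: (\S+) on address")
ACCESS_RE = re.compile(r"^(READ|WRITE) of size (\d+) at ")
FRAME_RE = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (.+?) (\S+)$")
OBJECT_RE = re.compile(r"\[(\d+), (\d+)\) '([^']+)' .*Memory access at offset \d+ overflows")

@dataclass
class AsanFinding:
    kind: str = ""
    access: str = ""
    size: int = 0
    frames: list = field(default_factory=list)  # (function, file:line) of the faulting access
    obj_name: str = ""
    obj_size: int = 0
    excess_bytes: int = 0  # size - obj_size; assumes the write began at the object's start

def parse_asan(report: str) -> AsanFinding:
    f, in_access_stack = AsanFinding(), False
    for line in report.splitlines():
        if m := HEADER_RE.match(line):
            f.kind = m.group(1)
        elif m := ACCESS_RE.match(line):
            f.access, f.size, in_access_stack = m.group(1), int(m.group(2)), True
        elif "is located in" in line:
            in_access_stack = False  # frames after this describe the owning frame, not the access
        elif in_access_stack and (m := FRAME_RE.match(line)):
            f.frames.append((m.group(1), m.group(2)))
        elif m := OBJECT_RE.search(line):
            f.obj_name, f.obj_size = m.group(3), int(m.group(2)) - int(m.group(1))
            f.excess_bytes = f.size - f.obj_size
    return f

def first_project_frame(finding: AsanFinding, skip=("sanitizer_common", "thirdparty/")) -> str:
    # First function on the access stack whose file is not in a skipped tree: the code to triage.
    for func, loc in finding.frames:
        if not any(s in loc for s in skip):
            return func
    return ""
```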

@jsjtxietian (Contributor) commented

Tested on master, looks like it has a valid error message and did not crash now.
[screenshot attached to the comment]


qarmin commented Nov 3, 2023

No longer crashes

qarmin closed this as completed Nov 3, 2023