The fun thing is that with the (only) call-site to ReadAsynchron in
PNGReaderImpl::ImplReadIDAT (vcl/source/gdi/pngread.cxx) passing in rIStm
references to stack-allocated SvMemoryStream instances, mpIStm could point to an
old, destroyed instance from a previous call, but which would have been located
at exactly the same stack address as the currently passed in rIStm, so the wrong
mpIStm->Read call would effectively behaved exactly the same as a correct
rIStm.Read call.

This went unnoticed "since the beginning" until AddressSanitizer's
UseAfterReturn check came along...

Change-Id: I7c75ed2d36a4c24c111d88eff647816bd2c5dbca