Opening this MusicXML causes crash

• Oct 29, 2013 - 16:03
Type
Functional
Severity
S2 - Critical
Status
closed
Project
MuseScore

Hello,

Hang and finally crash on loading this big XML score. Musescore 1.3 can load it, 2.0 buid 8a35d82 can't.

Windows 7 64 bits

Robert

Attachment Size
jazz-919.zip 546.02 KB

Comments

Oct 29, 2013 - 20:57

Reproduced on recent trunk (this weekend). MuseScore doesn't hang, import (and especially schema validation) just takes a long time.

GDB output, including stack trace:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000110
QListData::size (this=0x110) at qlist.h:90
90 inline int size() const { return d->end - d->begin; }
(gdb) bt
#0 QListData::size (this=0x110) at qlist.h:90
#1 0x0000000100081126 in QList::value (this=0x110, i=76) at qlist.h:646
#2 0x000000010007ac42 in Ms::Segment::element (this=0x0, track=76) at segment.h:126
#3 0x0000000100770d13 in Ms::renderChord (chord=0x143c07530, gateTime=100, ontime=0) at /Users/lvi/dev/MuseScore/libmscore/rendermidi.cpp:552
#4 0x00000001007707c2 in Ms::Score::createPlayEvents (this=0x1078d2800, chord=0x143c07530) at /Users/lvi/dev/MuseScore/libmscore/rendermidi.cpp:738
#5 0x0000000100771eb2 in Ms::Score::createPlayEvents (this=0x1078d2800) at /Users/lvi/dev/MuseScore/libmscore/rendermidi.cpp:761
#6 0x00000001006f4b4a in Ms::Score::doLayout (this=0x1078d2800) at /Users/lvi/dev/MuseScore/libmscore/layout.cpp:565
#7 0x000000010066a77c in Ms::Score::update (this=0x1078d2800) at /Users/lvi/dev/MuseScore/libmscore/cmd.cpp:153
#8 0x0000000100535723 in Ms::ScoreView::setScore (this=0x1410bfa90, s=0x1078d2800) at /Users/lvi/dev/MuseScore/mscore/scoreview.cpp:943
#9 0x000000010052e5ec in Ms::ScoreTab::setCurrent (this=0x11045c030, n=0) at /Users/lvi/dev/MuseScore/mscore/scoretab.cpp:153
#10 0x000000010052f471 in Ms::ScoreTab::setCurrentIndex (this=0x11045c030, idx=0) at /Users/lvi/dev/MuseScore/mscore/scoretab.cpp:336
#11 0x00000001003f50ab in Ms::MuseScore::setCurrentView (this=0x110317d40, tabIdx=0, idx=0) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:1466
#12 0x000000010040d228 in Ms::loadScores (argv=@0x7fff5fbffa28) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:2115
#13 0x000000010040c410 in main (argc=2, av=0x7fff5fbffaf8) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:4960

Reply

Dec 29, 2013 - 20:24

Tried again with current trunk. Still crashes, but with different symptoms:

Console output ends with:
Parsing time elapsed: 11491 ms
importMusicXml() return 0
next note at 817200 track 0 for tie not found
next note at 817200 track 8 for tie not found
next note at 817200 track 12 for tie not found
next note at 817200 track 16 for tie not found
next note at 817200 track 24 for tie not found
next note at 817200 track 40 for tie not found
next note at 824160 track 104 for tie not found
next note at 825120 track 104 for tie not found
next note at 826080 track 80 for tie not found
next note at 826080 track 104 for tie not found
loop toggled 0 - 0
Reading symbols for shared libraries . done
Chord::renderTremolo: cannot find 2. chord

ASSERT failure in QVector::operator[]: "index out of range", file /Users/lvi/Qt5.1.0/5.1.0/clang_64/include/QtCore/qvector.h, line 354

Program received signal SIGABRT, Aborted.
0x00007fff8d94dce2 in __pthread_kill ()

Stack trace:
(gdb) bt
#0 0x00007fff8d94dce2 in __pthread_kill ()
#1 0x00007fff97d367d2 in pthread_kill ()
#2 0x00007fff97d27a7a in abort ()
#3 0x0000000101a99749 in qt_message_fatal ()
#4 0x0000000101a99db1 in QMessageLogger::fatal ()
#5 0x0000000101a96028 in qt_assert_x ()
#6 0x000000010055f4e6 in QVector::operator[] (this=0x10740f5d0, i=1634887028) at qvector.h:354
#7 0x000000010055f482 in Ms::ScoreFont::toString (this=0x10740f5b8, id=1634887028) at sym.h:2009
#8 0x000000010055c778 in Ms::ScoreFont::width (this=0x10740f5b8, id=1634887028, mag=1) at sym.h:2020
#9 0x00000001006a8033 in Ms::Element::symWidth (this=0x144fe5860, id=1634887028) at /Users/lvi/dev/MuseScore/libmscore/element.cpp:1698
#10 0x000000010074ade7 in Ms::Note::headWidth (this=0x144fe5860) at /Users/lvi/dev/MuseScore/libmscore/note.cpp:364
#11 0x00000001007057a2 in Ms::Score::layoutChords1 (this=0x10986e800, notes=@0x7fff5fbfd9d8, voices=1, staff=0x141ef0ef0, segment=0x14275e160) at /Users/lvi/dev/MuseScore/libmscore/layout.cpp:244
#12 0x0000000100704a9b in Ms::Score::layoutChords1 (this=0x10986e800, segment=0x14275e160, staffIdx=21) at /Users/lvi/dev/MuseScore/libmscore/layout.cpp:125
#13 0x0000000100707c2a in Ms::Score::layoutStage3 (this=0x10986e800) at /Users/lvi/dev/MuseScore/libmscore/layout.cpp:578
#14 0x000000010070844b in Ms::Score::doLayout (this=0x10986e800) at /Users/lvi/dev/MuseScore/libmscore/layout.cpp:666
#15 0x000000010067b97c in Ms::Score::update (this=0x10986e800) at /Users/lvi/dev/MuseScore/libmscore/cmd.cpp:156
#16 0x000000010053e0d5 in Ms::ScoreView::setScore (this=0x1450f34a0, s=0x10986e800) at /Users/lvi/dev/MuseScore/mscore/scoreview.cpp:942
#17 0x0000000100536fcc in Ms::ScoreTab::setCurrent (this=0x113f06da0, n=0) at /Users/lvi/dev/MuseScore/mscore/scoretab.cpp:153
#18 0x0000000100537e51 in Ms::ScoreTab::setCurrentIndex (this=0x113f06da0, idx=0) at /Users/lvi/dev/MuseScore/mscore/scoretab.cpp:336
#19 0x00000001003fdd2b in Ms::MuseScore::setCurrentView (this=0x113e26960, tabIdx=0, idx=0) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:1467
#20 0x00000001004158f8 in Ms::loadScores (argv=@0x7fff5fbffa28) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:2139
#21 0x0000000100414ae5 in main (argc=2, av=0x7fff5fbffaf8) at /Users/lvi/dev/MuseScore/mscore/musescore.cpp:4896

Reply

Dec 30, 2013 - 14:13

This file gives me *loads* of errors on 2.0, and then crashes, somewhat slower than Leon :-(

Duration errors, loads of unknown nodes, loads of illegal part ids.

Full output attached.

Attachment Size
Issue23344.txt 131.32 KB

Reply

Dec 30, 2013 - 14:53

The file generates many spurious errors. I am working on reducing these, as they may mask real issues.

The crash occurs because a few notes contain impossible values for note head type, resulting in an array out of bounds. I suspect this happens in part 22 (the piano part) at measure 485, but have not found the cause yet.

Size of the file does not help either, scrolling is painfully slow in MuseScore and editing is difficult.

Reply

Dec 30, 2013 - 20:21

Cause found: bug in handling overlapping octave shifts leads to using an already deleted ottava leads to memory corruption. Am working on a structural solution.

Reply

Dec 31, 2013 - 14:30

Hello,

Yes now import work, thank's :-) , but it's very hard to work with this large file. Musescore is very slow. This score was exported from Sibelius and working on it it's smooth.

Gai-Luron

Reply