Undo Staff Types causes crash
1. Open attached score (produced in 1.3 - based on this
).
2. Right-click stave.
3. 'Staff Properties…'.
4. 'Change Instrument…'.
5. Choose 'Classical Guitar [Tablature]'.
6. 'OK'.
7. Change 'Type:' to 'Tab 6-str. full'.
8. 'OK'.
9. 'Staff Types...'.
10. 'Full Configuration'.
11. 'Beside Staff'.
12. 'OK'.
13. 'Undo'.
Result: Crash.
Note: See attached log.
Using MuseScore 2.0 Nightly Build (cc016f8) - Mac 10.7.5.
| Attachment | Size |
|---|---|
| Undo Staff Types causes crash.mscz | 1.52 KB |
| Undo Staff Types causes crash (Log).txt | 60.16 KB |
Comments
Is it due to step 11?
Reproducible also from scratch:
1- Create a new score with one instrument: "Classical Guitar"
2- Right click on staff -> Staff Properties... set Type to "Tab. 6-str common" and click Ok
3- Style -> Staff Types... and, under "Standard" type, uncheck "Show Time Sign." (or, equivalently, "Show Clef" or "Show Barlines") and click Ok
4- Undo -> Crash
Windows 8, commit c67a0ae
The problem is that in the undo stack MuseScore stores the pointer to the stafftype. However, when the stafftype is edited, the old stafftype is deleted at line 1973 of score.cpp (builtin is false)
1972 if (!oldStaffType->builtin())
1973 delete oldStaffType;
therefore the code is trying to access a deleted object when flipping back the property.
Attached address sanitizer log.
Notes:
A similar problem happens for issue #22042: Show Time Signature on part causes crash. In that case, the import from guitarPro files creates a linked tab staff only in the part and not in the rootscore (which I think is the main source of that bug). Therefore, when the
Score::replaceStaffTypesfunction is called, the staff type is changed only in the rootscore, at lines 1966-1968 of score.cpp1966 for(int staffIdx = 0; staffIdx < staves().size(); staffIdx++)
1967 if(staff(staffIdx)->staffType() == oldStaffType)
1968 staff(staffIdx)->setStaffType(st);
the oldstaff is deleted (line 1973 of score.cpp) and the following layout of the part (containing the orphan tab staff) calls the pointer to the oldstaff, which was deleted.
Doesn't crash for me, but doesn't work right either. I get a one-line staff with a tab clef but normal notes on it.
And now it does crash. Maybe I didn't quite follow the steps correctly before, or maybe results are non-deterministic (not uncommon when following stale pointers, I guess).
The design of this whole staff type has changed; the steps posted in the original and #2 no longer apply. it's possible the bug remains but would need to be triggered differently. I wasn't successful in doing so.