crash with negative number of dots for rests
The attached score crashes MuseScore 3.1 and the latest development build.
Stack trace:
1 Ms::Rest::checkDots rest.cpp 434 0x8e18b8
2 Ms::Rest::layoutDots rest.cpp 408 0x8e1681
3 Ms::Rest::layout rest.cpp 399 0x8e1650
4 Ms::layoutSegmentElements layout.cpp 96 0x87aa11
5 Ms::Score::layoutChords1 layout.cpp 573 0x87c2a7
6 Ms::Score::getNextMeasure layout.cpp 2753 0x885b7b
7 Ms::Score::collectSystem layout.cpp 3555 0x889cb2
8 Ms::LayoutContext::collectPage layout.cpp 4334 0x88e889
9 Ms::LayoutContext::layout layout.cpp 4644 0x8905c5
10 Ms::Score::doLayoutRange layout.cpp 4629 0x8904c6
11 Ms::Score::update cmd.cpp 221 0x99486f
12 Ms::readScore file.cpp 2348 0x649475
13 Ms::MuseScore::readScore file.cpp 349 0x63799e
14 Ms::MuseScore::openScore file.cpp 327 0x637864
15 Ms::MuseScore::loadFiles file.cpp 304 0x637512
16 Ms::MuseScore::cmd musescore.cpp 5950 0x4f622a
17 Ms::MuseScore::cmd musescore.cpp 5758 0x4f53e5
18 Ms::MuseScore::qt_static_metacall moc_musescore.cpp 855 0x40a1d6
19 ZN11QMetaObject8activateEP7QObjectiiPPv 0x68c82085
20 ZN12QActionGroup7hoveredEP7QAction 0x264b4ee5
...
void Rest::checkDots() { int n = dots() - int(_dots.size()); for (int i = 0; i < n; ++i) { NoteDot* dot = new NoteDot(score()); dot->setParent(this); dot->setVisible(visible()); score()->undoAddElement(dot); } if (n < 0) { for (int i = 0; i < -n; ++i) score()->undoRemoveElement(_dots.back()); // <<<<<< line of crash. n is -85 here, i is 0 } }
| Attachment | Size |
|---|---|
| 19._Transformation_Finale_0.mscz | 85.32 KB |
Comments
That is what happens if a program doesn't check an input that it reads...
That file contains some rests with
<dots>-85</dots>tags inside them. MuseScore simply believes the file and assumes that there really is a rest with -85 dots. It is easy to add a check for this this case exactly but generally some form of user data validation should probably be considered if we want to avoid similar crashes in future.Question is how that -85 got in there in the first place?
OK, with those 2 bogus dots removed the score is reported as being corrupt:
Measure 151, Staff 16 incomplete. Expected: 4/4; Found: 4/1
Fixed score attached
Came up again in https://musescore.org/en/node/292223
See https://github.com/musescore/MuseScore/pull/5226
and/or https://github.com/musescore/MuseScore/pull/5235
Fixed in branch master, commit d29b92838a
Fix #290929: crash with negative number of dots for rests
Fixed in branch master, commit f4c3e75c94
_Merge pull request #5235 from Jojo-Schmitz/rest-dot-crash-2
Fix #290929: crash with negative number of dots for rests_
Automatically closed -- issue fixed for 2 weeks with no activity.