Segmentation Fault when opening a file with a missing section break element

• Jan 30, 2021 - 18:10
Reported version: 3.3
Type: Functional
Frequency: Once
Severity: S2 - Critical
Reproducibility: Always
Status: closed
Regression: Yes
Workaround: No
Project

OS: Debian GNU/Linux bullseye/sid, Arch.: x86_64, MuseScore version (64-bit): 3.6.1.515740129, revision: d0fc8e9

Whenever I try to open this file (joined), I get a segmentation fault.

This file seems to be valid though:
<?xml version="1.0" encoding="UTF-8"?>
etc.

Attachment Size
Frescobaldi_-_Canzon_1.mscx 1.28 MB

Comments

Stack trace (in latest 3.x development code):
1 Ms::LayoutBreak::firstSystemIdentation layoutbreak.h 73 0x10245dc
2 Ms::Score::collectSystem layout.cpp 4077 0x9df74c
3 Ms::LayoutContext::collectPage layout.cpp 4724 0x9e42dd
4 Ms::LayoutContext::layout layout.cpp 5042 0x9e5f9c
5 Ms::Score::doLayoutRange layout.cpp 5030 0x9e5efa
6 Ms::Score::update cmd.cpp 302 0x53023e
7 Ms::Score::update score.h 756 0xf04c2a
8 Ms::readScore file.cpp 2382 0x4c9004
9 Ms::MuseScore::readScore file.cpp 473 0x4b9adc
10 Ms::MuseScore::openScore file.cpp 415 0x4b959e
11 Ms::MuseScore::doLoadFiles file.cpp 348 0x4b8ce8
12 Ms::MuseScore::openFiles file.cpp 313 0x4b892e
13 Ms::MuseScore::cmd musescore.cpp 6241 0x4303dd
14 Ms::MuseScore::cmd musescore.cpp 6033 0x42f2f7
15 Ms::MuseScore::qt_static_metacall moc_musescore.cpp 523 0x5e4d4a
16 QMetaObject::activate(QObject *, int, int, void * *) 0x68a947f8
17 QActionGroup::hovered(QAction *) 0x2cdc4db2
18 QActionGroup::qt_static_metacall(QObject *, QMetaObject::Call, int, void * *) 0x2cdc573c
19 QMetaObject::activate(QObject *, int, int, void * *) 0x68a947f8
20 QAction::activate(QAction::ActionEvent) 0x2cdc3e0e
...

At the point where the crash occurs, it seems the measure in question (105) is flagged as containing a section break, and yet, when we go to find it, we find it isn't there, instead there are two page breaks. So any code that tries to get the section break element is going to get confused and possibly crash, not just this new bit of code.

Now, this doesn't seem to reflect what's actually in the file. I guess this must be 105 in Canzon 4. Something apparently goes wrong and turns the section break into a second page break sometime before this crash happens. No idea where or why, though. It does load in 3.0.0 so technically a regression, but not a recent one apparently. And no idea what the trigger is, as normally it's fine to combine page and section breaks.

The problem is with the 14-bar multimeasure rest in Canzon 3. There is a section break on the last of its underlying measures, but there is no section break element on the multimeasure rest itself. This can be fixed by opening the MSCX file in a text editor, navigating to line 9276, and replacing <subtype>line</subtype> with <subtype>section</subtype>.

I have found that I can create this situation from scratch.

  1. In a blank score, add a line break on the last measure.
  2. Press M to turn on multimeasure rests. Notice the line break on the last measure.
  3. Press M to turn off multimeasure rests.
  4. Add a section break on the last measure. Notice that the line break disappears when the section break is added.
  5. Add a page break on the last measure.
  6. Press M to turn on multimeasure rests. Notice that instead of a page break and a section break, there is a page break and a line break, which should not be able to coexist.
  7. Save the score and close the tab.
  8. Reopen the score. At this point the program will crash.

Wow! How efficient you are! Thank you all for the solution to reopen my score.
I hope this won't be too much work to fix this strange behavior.

Overriding Element::subtype() in the LayoutBreak class is enough to prevent this situation from happening in the future.

class LayoutBreak final : public Element {
...
      // Report the break type so that LINE, PAGE and SECTION breaks compare as different subtypes
      int subtype() const override        { return static_cast<int>(_layoutBreakType); }
...
      };

The subtype() function is used here to find elements from a previous incarnation of the MMRest that can be reused. Since Element::subtype() simply returns -1, a LayoutBreak of type LINE was considered a match for a LayoutBreak of type SECTION, which is what caused the problem in the first place.
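
The mismatch described in the comment above, as an added example that is not part of the thread or of MuseScore's code: a simplified model of reuse-by-subtype in which the base `subtype()` returns -1, run over the break combination from the reproduction steps. The `fixedSubtype` flag and the functions `rebuildMMRest`, `sectionBreak` and `mmRestKeepsSection` are hypothetical names introduced for illustration.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of the classes named in the thread; not MuseScore source.
enum class BreakType { PAGE, LINE, SECTION };
struct Element {
    virtual ~Element() = default;
    virtual int subtype() const { return -1; }   // base default described in the thread
};
struct LayoutBreak : Element {
    BreakType type;
    bool fixedSubtype;   // hypothetical switch: true = subtype() reports the break type
    LayoutBreak(BreakType t, bool f) : type(t), fixedSubtype(f) {}
    int subtype() const override { return fixedSubtype ? static_cast<int>(type) : -1; }
};
using Breaks = std::vector<LayoutBreak>;

// Rebuild the MMRest's breaks, reusing an old element whenever subtype() matches.
Breaks rebuildMMRest(const Breaks& previous, const Breaks& underlying) {
    Breaks result;
    std::vector<bool> used(previous.size(), false);
    for (const LayoutBreak& wanted : underlying) {
        bool reused = false;
        for (std::size_t i = 0; i < previous.size() && !reused; ++i) {
            if (!used[i] && previous[i].subtype() == wanted.subtype()) {
                used[i] = true; reused = true;
                result.push_back(previous[i]);   // stale element kept, real type never compared
            }
        }
        if (!reused) result.push_back(wanted);
    }
    return result;
}

// Lookup whose result must be null-checked before it is dereferenced.
const LayoutBreak* sectionBreak(const Breaks& breaks) {
    for (const LayoutBreak& b : breaks)
        if (b.type == BreakType::SECTION) return &b;
    return nullptr;
}

// Reproduction steps 1-6: the old MMRest holds LINE, the last measure holds SECTION + PAGE.
bool mmRestKeepsSection(bool fixedSubtype) {
    const Breaks previous{ LayoutBreak(BreakType::LINE, fixedSubtype) };
    const Breaks underlying{ LayoutBreak(BreakType::SECTION, fixedSubtype),
                             LayoutBreak(BreakType::PAGE, fixedSubtype) };
    const Breaks rebuilt = rebuildMMRest(previous, underlying);
    return sectionBreak(rebuilt) != nullptr;
}
int main() { return (mmRestKeepsSection(true) && !mmRestKeepsSection(false)) ? 0 : 1; }
```

With the flag off, the rebuilt multimeasure rest carries LINE and PAGE, so a caller that trusts the measure's section-break flag and skips the null check on the lookup dereferences a null pointer.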

Title: Segmentation Fault when opening a specific file when reading a section break → Segmentation Fault when opening a file with a missing section break element
Status: active → PR created

I didn't realize this at the time, but overriding Element::subtype() in the LayoutBreak class will cause the original problematic score to be corrected upon load, completely taking care of the problem without having to introduce additional checks for whether the section break element actually exists. See https://github.com/musescore/MuseScore/pull/7407.

Status: PR created → fixed

Fixed in branch 3.x, commit 5802c49234

_Fix #316679: Segmentation Fault when opening a file with a missing section break element

Resolves: https://musescore.org/en/node/316679.

The LayoutBreak class failed to override Element::subtype(), causing a LayoutBreak of type LINE to be considered a match for a LayoutBreak of type SECTION when determining which elements to reuse from a previous incarnation of an MMRest._

Fixed in branch master, commit 7a75f0e2d3

_Fix #316679: Segmentation Fault when opening a file with a missing section break element

Resolves: https://musescore.org/en/node/316679.

The LayoutBreak class failed to override Element::subtype(), causing a LayoutBreak of type LINE to be considered a match for a LayoutBreak of type SECTION when determining which elements to reuse from a previous incarnation of an MMRest._

Fix version: 3.6.2