Creating a 4-or-higher tuplet on a 512th or an 8-or-higher tuplet on a 256th crashes Musescore

• May 6, 2022 - 22:47
Reported version
3.5
Type
Functional
Frequency
Once
Severity
S2 - Critical
Reproducibility
Always
Status
closed
Regression
No
Workaround
No
Project
MuseScore

Steps to reproduce the bug:
1) Create a 512-th note or rest
2) select the 512th and go to Add->Tuplet->Quadruplet (anything with a higher ratio, like quintuplet or sextuplet will also work. Triplets however do work as intended, creating 1024th-triplets.)
3) when trying to split the 512th into the x-tuplet, musescore will crash instead.

Expected behavior: Creation of the appropriate tuplet, or an error message reading that the entered note value is too short (like what happens when trying to tuplet a 1024th)

Actual behavior: Musescore tries to create the tuplet, but crashes.

This bug was tested on (OS: macOS 10.16, Arch.: x86_64, MuseScore version (64-bit): 3.6.2.548020600, revision: 3224f34)

Comments

May 7, 2022 - 09:55

Stack trace:

1 Ms::Fraction::reduce fraction.h 102 0xf348f5
2 Ms::Fraction::operator/= fraction.h 190 0xf34afc
3 Ms::Fraction::operator/ fraction.h 212 0x105f617
4 Ms::Score::cmdCreateTuplet edit.cpp 2788 0x982f67
5 Ms::ScoreView::cmdCreateTuplet scoreview.cpp 4364 0x65325f
6 Ms::ScoreView::cmdTuplet scoreview.cpp 4355 0x653205
7 Ms::ScoreView::cmdTuplet scoreview.cpp 4429 0x6536fe
8 Ms::ScoreView::::operator()(Ms::ScoreView *, const QByteArray &) const scoreview.cpp 2628 0x645153
9 std::_Function_handler>::_M_invoke(const std::_Any_data &, Ms::ScoreView *&&, const QByteArray &) std_function.h 297 0x662a1f
10 std::function::operator()(Ms::ScoreView *, QByteArray const&) const std_function.h 687 0x10cb44d
11 Ms::ScoreView::cmd scoreview.cpp 2890 0x64ae61
12 Ms::ScoreView::cmd scoreview.cpp 2089 0x642547
13 Ms::MuseScore::cmd musescore.cpp 6617 0x433e80
14 Ms::MuseScore::cmd musescore.cpp 6044 0x4307ca
15 Ms::MuseScore::qt_static_metacall moc_musescore.cpp 610 0x5eef8d
16 void doActivate(QObject *, int, void * *) 0x68b978bb
17 Ms::ScoreTab::actionTriggered moc_scoretab.cpp 226 0x60e3f8
18 Ms::ScoreTab::qt_static_metacall moc_scoretab.cpp 111 0x60de67
19 void doActivate(QObject *, int, void * *) 0x68b978bb
20 QActionGroupPrivate::_q_actionTriggered() 0x327b4cc2
...

A "Division by 0" error

      void reduce()
            {
            const int g = gcd(_numerator, _denominator);
            _numerator /= g; _denominator /= g;
            }

with g being 0, as both, _numerator and _denominator are also 0

Reply

May 7, 2022 - 12:19
Title Creating a 4-or-higher tuplet on a 512th crashes Musescore Creating a 4-or-higher tuplet on a 512th or an 8-or-higher tuplet on a 256th crashes Musescore

Possible fix:

diff --git a/mscore/scoreview.cpp b/mscore/scoreview.cpp
index d0e4a2a232..8888fe4e70 100644
--- a/mscore/scoreview.cpp
+++ b/mscore/scoreview.cpp
@@ -4311,7 +4311,10 @@ void ScoreView::setControlCursorVisible(bool v)
 
 void ScoreView::cmdTuplet(int n, ChordRest* cr)
       {
-      if (cr->durationType() < TDuration(TDuration::DurationType::V_512TH) && cr->durationType() != TDuration(TDuration::DurationType::V_MEASURE)) {
+      if ((cr->durationType() < TDuration(TDuration::DurationType::V_512TH) && cr->durationType() != TDuration(TDuration::DurationType::V_MEASURE))
+          || (cr->durationType() < TDuration(TDuration::DurationType::V_256TH) && n > 3)
+          || (cr->durationType() < TDuration(TDuration::DurationType::V_128TH) && n > 7)
+          ) {
             mscore->noteTooShortForTupletDialog();
             return;
             }

which does then bring up that "Tuplet too short" dialog

Reply

May 7, 2022 - 13:39

the master branch crashes at the same spot and for the same reason (division by zero) but the above mentioned conde change can't get applied there.

Reply

Fix version
4.1.0