Crash on select on score with slur ending on rest

Marc Sabatella

• Dec 4, 2014 - 15:14

Type

Functional

Severity

S2 - Critical

Status

closed

Project

MuseScore

Ubuntu 14.04, GIT commit: 6bba0d4

I've seen a coupple variations on what appears to be the same crash today. Here is an easy-to-reproduce case.

1) load attached score (created in 1.3, downloaded from musescore.com)
2) select all

Result: crash

The crash occurs in Spanner::endChord(), and it's an assert failure - the endElement in this case is a rest, not a chord. But I've also seen cases where it is 0 as a result of the assignment of nullptr a couple of lines above (meaning it had been a rest up until then). Those cases happened when I wasexperimenting with things in the code so maybe I was doing something incorrectly. But the crash as described above should happen without my code.

In all cases, this is being called from Selection::updateSelectedElements(), which is called from at the end of Score::pasteStaff().

Comments

Jojo-Schmitz

• Dec 4, 2014 - 15:18

Marc Sabatella

• Dec 4, 2014 - 15:21

Yes, critical, although the score might be corrupt. Would help if I attached it. Here it is.

Attachment	Size
Doctor_Gradus_ad_Parnassum.mscz	52.69 KB

Jojo-Schmitz

• Dec 4, 2014 - 15:26

That score doesn't open in 1.3, I understood it was created with that and loaded from MsueScore.com, unchanged?
This one?
http://musescore.com/nicolas/doctor-gradus-ad-parnassum

cadiz1

• Dec 4, 2014 - 15:28

No crash here by selecting all (Ctrl + A)
select all.jpg

Attachment	Size
select all.jpg	51.59 KB

Marc Sabatella

• Dec 4, 2014 - 15:29

Yes, correct. I saved again in 2.0 to see if that would change anything.

Marc Sabatella

• Dec 4, 2014 - 16:23

FWIW, I can reproduce on both my Linux systems, with the very latest sources (built a few minutes agi) as well as builds from a few days ago. Also crashes for me on Windows with the most recent build I have there (also from a few days ago).

cadiz1

• Dec 4, 2014 - 19:29

Well, I tried on a few nightlies including the latest, and I still see no crash (under Windows7 and Windows8) after opening the file and select all.
I'm going to drop!
This issue is it reproducible from scratch?

[DELETED] 5

• Dec 4, 2014 - 20:57

Title

Crash on select on score with slur with no end element

⇒

Crash on select on score with slur ending on rest

It crashes in debug mode only. The crash is on Q_ASSERT() and they are ignored in release mode.
It easily reproducible from scratch in a68454ece6 if built in debug mode.

Create a score with a quarter note and a quarter rest
add a slur to the first note
Select all

cadiz1

• Dec 4, 2014 - 21:08

"reproducible if built in debug mode"
Ah :(
So I'll move on to something else...!

Marc Sabatella

• Dec 4, 2014 - 22:43

Doh! I should have thought of that. I even knew it was an assert failure.

I would say we could just remove the assert, then, but I still see a potential crash or two here. A couple of lines above the assert, we do a conditional assignment of _endElement, but then we dereference it without checking for null, And we potentially return null, yet the calling code doesn't check for that before dereferencing it. Hoepfully, _endElement is just never null in the first place.

System Message

• Dec 8, 2014 - 09:20

Status (old)

active

⇒

fixed

Fixed in d4712da6a3

System Message

• Dec 22, 2014 - 09:40

Status (old)

fixed

⇒