Crash when exporting to MusicXML

• Jan 28, 2016 - 05:28
S2 - Critical

There were some bad links (lids shared across tags/data types), but I've cleared up all the ones I can find using Notepad++.

GIT commit: f51dc11

Attachment Size
Double_Chocolate_Duet.mscx 1.02 MB


Here's a much more trivial (one note) repro. If you delete either the Chord symbol or the Fretboard Diagram, you can export. If you have both, it crashes. I don't see anything obvious in the XML and there are no parts to mess about with.

Attachment Size
CantExport.mscx 9.59 KB

Stack trace (using the 2.0.3 branch):

1 Ms::FretDiagram::writeMusicXML fret.cpp 606 0x8a5ab9
2 Ms::ExportMusicXml::harmony exportxml.cpp 5179 0x5ecb6d
3 Ms::annotations exportxml.cpp 3949 0x5e5253
4 Ms::ExportMusicXml::write exportxml.cpp 4862 0x5ea620
5 Ms::saveXml exportxml.cpp 5001 0x5eb620
6 Ms::MuseScore::saveAs file.cpp 1795 0x593d7a
7 Ms::MuseScore::exportFile file.cpp 1605 0x5914b6
8 Ms::MuseScore::cmd musescore.cpp 4041 0x4962ad
9 Ms::MuseScore::cmd musescore.cpp 3928 0x495aa4
10 Ms::MuseScore::qt_static_metacall moc_musescore.cpp 810 0x682885
11 ZN11QMetaObject8activateEP7QObjectiiPPv 0x68a655a2
12 ZN12QActionGroup7hoveredEP7QAction 0x61dc4b95
13 ?? 0x1ee30b68
14 ZN7QAction8activateENS_11ActionEventE 0x61dc3b6e
15 ?? 0x28c928
16 ?? 0x24748b04

where _dots is a NULL pointer

Crash occurs at fret.cpp#L606, where it is assumed that _dots[] exists if _marker[i] != 88.

Looking at that loop, I wonder if there could be a situation where that if construction itself generates a segfault (fret.cpp#L603), as you're checking two lines above for the existence of _marker but ignoring the result when checking _marker[i] (which seemingly might not exist either).

There's also room for optimization: that function/method calls strings() 2*strings()+1 times instead of just once to store the value in a local variable?
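The two points raised in the comments above (each optional array needs its own null check, and strings() can be read once) are shown here in an added example that is not MuseScore's code. `FretModel`, `exportedNotes`, `kSkipMarker` and the "fret 0 when dots are absent" fallback are assumptions made for illustration; only the names _dots, _marker, strings() and the value 88 come from the thread.

```cpp
#include <cstdio>
#include <utility>
#include <vector>

// Simplified stand-in for the diagram state discussed in the thread.
// NOT MuseScore's FretDiagram: names and layout are hypothetical.
struct FretModel {
    int strings = 0;               // models strings()
    const char* dots = nullptr;    // models _dots, may be null
    const char* marker = nullptr;  // models _marker, may be null
};

constexpr char kSkipMarker = 88;   // the value the thread's loop compares against

// Returns (string index, fret) for every string whose marker is not 88.
std::vector<std::pair<int, int>> exportedNotes(const FretModel& m) {
    std::vector<std::pair<int, int>> notes;
    const int n = m.strings;       // read once instead of on every iteration
    for (int i = 0; i < n; ++i) {
        // Guard marker before indexing it: a null array means "no markers".
        if (m.marker != nullptr && m.marker[i] == kSkipMarker)
            continue;
        // Guard dots on its own: a marker value says nothing about whether
        // the dots array was ever allocated (the NULL _dots case in the trace).
        const int fret = (m.dots != nullptr) ? m.dots[i] : 0;  // assumed fallback
        notes.emplace_back(i, fret);
    }
    return notes;
}

int main() {
    // Constructed input: a diagram with neither array allocated, the shape
    // that dereferenced a null pointer in the reported crash.
    FretModel empty;
    empty.strings = 6;
    for (const auto& note : exportedNotes(empty))
        std::printf("string %d fret %d\n", note.first, note.second);
    return 0;
}
```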