=================================================================
==4332==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100236f9e0 at pc 0x000110e0f0cc bp 0x7ffee0c628f0 sp 0x7ffee0c628e8
READ of size 1 at 0x61100236f9e0 thread T0
    #0 0x110e0f0cb in Ms::FindItemBspTreeVisitor::visit(QList*) bsp.cpp:57
    #1 0x110e0b6ef in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:297
    #2 0x110e0b900 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:314
    #3 0x110e0b76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301
    #4 0x110e0b900 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:314
    #5 0x110e0b7e1 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:303
    #6 0x110e0b900 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:314
    #7 0x110e0b76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301
    #8 0x110e0b889 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:312
    #9 0x110e0b76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301
    #10 0x110e0b889 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:312
    #11 0x110e0be02 in Ms::BspTree::items(QRectF const&) bsp.cpp:140
    #12 0x1114f3457 in Ms::Page::items(QRectF const&) page.cpp:58
    #13 0x110874930 in Ms::ScoreView::paint(QRect const&, QPainter&) scoreview.cpp:1106
    #14 0x110872206 in Ms::ScoreView::paintEvent(QPaintEvent*) scoreview.cpp:887
    #15 0x114e43e60 in QWidget::event(QEvent*) (QtWidgets:x86_64+0x4be60)
    #16 0x10f605b40 in Ms::ScoreView::event(QEvent*) events.cpp:70
    #17 0x114e09b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81)
    #18 0x114e0ae9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e)
    #19 0x11b8d0a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e)
    #20 0x114e3c78e in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4478e)
    #21 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #22 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #23 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #24 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #25 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #26 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #27 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #28 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #29 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #30 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #31 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #32 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #33 0x114e3cf3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b)
    #34 0x114e3cde8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8)
    #35 0x114e3cde8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8)
    #36 0x114e3cde8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8)
    #37 0x114e3cde8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8)
    #38 0x114e3c99b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b)
    #39 0x114e16c88 in QWidgetBackingStore::doSync() (QtWidgets:x86_64+0x1ec88)
    #40 0x114e4405a in QWidget::event(QEvent*) (QtWidgets:x86_64+0x4c05a)
    #41 0x114f63883 in QMainWindow::event(QEvent*) (QtWidgets:x86_64+0x16b883)
    #42 0x114e09b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81)
    #43 0x114e0ae9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e)
    #44 0x11b8d0a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e)
    #45 0x11b8d1c31 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (QtCore:x86_64+0x1ecc31)
    #46 0x121bd0e8d in QCocoaEventDispatcherPrivate::processPostedEvents() (libqcocoa.dylib:x86_64+0x27e8d)
    #47 0x121bd1740 in QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) (libqcocoa.dylib:x86_64+0x28740)
    #48 0x7fff567aba20 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (CoreFoundation:x86_64+0x9fa20)
    #49 0x7fff5686326b in __CFRunLoopDoSource0 (CoreFoundation:x86_64+0x15726b)
    #50 0x7fff5678eaaf in __CFRunLoopDoSources0 (CoreFoundation:x86_64+0x82aaf)
    #51 0x7fff5678df2c in __CFRunLoopRun (CoreFoundation:x86_64+0x81f2c)
    #52 0x7fff5678d786 in CFRunLoopRunSpecific (CoreFoundation:x86_64+0x81786)
    #53 0x7fff55a9ae25 in RunCurrentEventLoopInMode (HIToolbox:x86_64+0x2fe25)
    #54 0x7fff55a9ab95 in ReceiveNextEventCommon (HIToolbox:x86_64+0x2fb95)
    #55 0x7fff55a9a913 in _BlockUntilNextEventMatchingListInModeWithFilter (HIToolbox:x86_64+0x2f913)
    #56 0x7fff53d65f5e in _DPSNextEvent (AppKit:x86_64+0x41f5e)
    #57 0x7fff544fbb4b in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (AppKit:x86_64+0x7d7b4b)
    #58 0x7fff53d5ad6c in -[NSApplication run] (AppKit:x86_64+0x36d6c)
    #59 0x121bd053c in QCocoaEventDispatcher::processEvents(QFlags) (libqcocoa.dylib:x86_64+0x2753c)
    #60 0x11b8cc741 in QEventLoop::exec(QFlags) (QtCore:x86_64+0x1e7741)
    #61 0x11b8d1171 in QCoreApplication::exec() (QtCore:x86_64+0x1ec171)
    #62 0x110501354 in main musescore.cpp:6849
    #63 0x10ef9c533 in start (mscore:x86_64+0x10000c533)

0x61100236f9e0 is located 160 bytes inside of 200-byte region [0x61100236f940,0x61100236fa08)
freed by thread T0 here:
    #0 0x11bcc714b in wrap__ZdlPv (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x6114b)
    #1 0x1113c9ff1 in Ms::LedgerLine::~LedgerLine() ledgerline.h:31
    #2 0x110e4ba15 in Ms::Chord::layoutPitched() chord.cpp:1760
    #3 0x110e44e57 in Ms::Chord::layout() chord.cpp:1721
    #4 0x11132c180 in Ms::Score::layoutChords1(Ms::Segment*, int) layout.cpp:516
    #5 0x111350a6d in Ms::Score::getNextMeasure(Ms::LayoutContext&) layout.cpp:2438
    #6 0x11136b137 in Ms::Score::collectSystem(Ms::LayoutContext&) layout.cpp:3082
    #7 0x1113854f8 in Ms::LayoutContext::collectPage() layout.cpp:3580
    #8 0x11139105d in Ms::LayoutContext::layout() layout.cpp:3890
    #9 0x11138eea0 in Ms::Score::doLayoutRange(int, int) layout.cpp:3863
    #10 0x110ee9c28 in Ms::Score::update() cmd.cpp:221
    #11 0x110eeb096 in Ms::Score::endCmd(bool) cmd.cpp:179
    #12 0x110882cc0 in Ms::ScoreView::normalPaste() scoreview.cpp:1700
    #13 0x110883ed2 in Ms::ScoreView::cmd(char const*) scoreview.cpp:1774
    #14 0x1108831f4 in Ms::ScoreView::cmd(QAction const*) scoreview.cpp:1739
    #15 0x1104da923 in Ms::MuseScore::cmd(QAction*, QString const&) musescore.cpp:5585
    #16 0x1104d5795 in Ms::MuseScore::cmd(QAction*) musescore.cpp:5119
    #17 0x10efb3ae2 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_musescore.cpp:747
    #18 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #19 0x10efccb73 in Ms::ScoreTab::actionTriggered(QAction*) moc_scoretab.cpp:187
    #20 0x10efcbdd2 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_scoretab.cpp:100
    #21 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #22 0x114e02e0f in QActionGroup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (QtWidgets:x86_64+0xae0f)
    #23 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #24 0x114e00344 in QAction::activate(QAction::ActionEvent) (QtWidgets:x86_64+0x8344)
    #25 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #26 0x11b8f9943 in QObject::event(QEvent*) (QtCore:x86_64+0x214943)
    #27 0x114e09b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81)
    #28 0x114e0ae9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e)
    #29 0x11b8d0a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e)

previously allocated by thread T0 here:
    #0 0x11bcc6b4b in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x60b4b)
    #1 0x110e34298 in Ms::Chord::addLedgerLines() chord.cpp:757
    #2 0x110e4df3d in Ms::Chord::layoutPitched() chord.cpp:1873
    #3 0x110e44e57 in Ms::Chord::layout() chord.cpp:1721
    #4 0x111354cf7 in Ms::Score::getNextMeasure(Ms::LayoutContext&) layout.cpp:2556
    #5 0x11136b137 in Ms::Score::collectSystem(Ms::LayoutContext&) layout.cpp:3082
    #6 0x1113854f8 in Ms::LayoutContext::collectPage() layout.cpp:3580
    #7 0x11139105d in Ms::LayoutContext::layout() layout.cpp:3890
    #8 0x11138eea0 in Ms::Score::doLayoutRange(int, int) layout.cpp:3863
    #9 0x110ee9c28 in Ms::Score::update() cmd.cpp:221
    #10 0x110eeb096 in Ms::Score::endCmd(bool) cmd.cpp:179
    #11 0x110882cc0 in Ms::ScoreView::normalPaste() scoreview.cpp:1700
    #12 0x110883ed2 in Ms::ScoreView::cmd(char const*) scoreview.cpp:1774
    #13 0x1108831f4 in Ms::ScoreView::cmd(QAction const*) scoreview.cpp:1739
    #14 0x1104da923 in Ms::MuseScore::cmd(QAction*, QString const&) musescore.cpp:5585
    #15 0x1104d5795 in Ms::MuseScore::cmd(QAction*) musescore.cpp:5119
    #16 0x10efb3ae2 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_musescore.cpp:747
    #17 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #18 0x10efccb73 in Ms::ScoreTab::actionTriggered(QAction*) moc_scoretab.cpp:187
    #19 0x10efcbdd2 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_scoretab.cpp:100
    #20 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #21 0x114e02e0f in QActionGroup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (QtWidgets:x86_64+0xae0f)
    #22 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #23 0x114e00344 in QAction::activate(QAction::ActionEvent) (QtWidgets:x86_64+0x8344)
    #24 0x11b9016a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9)
    #25 0x11b8f9943 in QObject::event(QEvent*) (QtCore:x86_64+0x214943)
    #26 0x114e09b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81)
    #27 0x114e0ae9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e)
    #28 0x11b8d0a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e)
    #29 0x11b8d1c31 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (QtCore:x86_64+0x1ecc31)

SUMMARY: AddressSanitizer: heap-use-after-free bsp.cpp:57 in Ms::FindItemBspTreeVisitor::visit(QList*)
Shadow bytes around the buggy address:
  0x1c220046dee0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c220046def0: fd fd fd fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c220046df00: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c220046df10: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x1c220046df20: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
=>0x1c220046df30: fd fd fd fd fd fd fd fd fd fd fd fd[fd]fd fd fd
  0x1c220046df40: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x1c220046df50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x1c220046df60: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa
  0x1c220046df70: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x1c220046df80: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Container overflow: fc
  Array cookie: ac
  Intra object redzone: bb
  ASan internal: fe
  Left alloca redzone: ca
  Right alloca redzone: cb
==4332==ABORTING
Abort trap: 6