================================================================= ==4292==ERROR: AddressSanitizer: heap-use-after-free on address 0x61100062e020 at pc 0x0001035ae0cc bp 0x7ffeee4c39b0 sp 0x7ffeee4c39a8 READ of size 1 at 0x61100062e020 thread T0 #0 0x1035ae0cb in Ms::FindItemBspTreeVisitor::visit(QList*) bsp.cpp:57 #1 0x1035aa6ef in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:297 #2 0x1035aa7e1 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:303 #3 0x1035aa889 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:312 #4 0x1035aa76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301 #5 0x1035aa889 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:312 #6 0x1035aa76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301 #7 0x1035aa900 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:314 #8 0x1035aa76a in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:301 #9 0x1035aa889 in Ms::BspTree::climbTree(Ms::BspTreeVisitor*, QRectF const&, int) bsp.cpp:312 #10 0x1035aae02 in Ms::BspTree::items(QRectF const&) bsp.cpp:140 #11 0x103c92457 in Ms::Page::items(QRectF const&) page.cpp:58 #12 0x103013930 in Ms::ScoreView::paint(QRect const&, QPainter&) scoreview.cpp:1106 #13 0x103011206 in Ms::ScoreView::paintEvent(QPaintEvent*) scoreview.cpp:887 #14 0x1075ede60 in QWidget::event(QEvent*) (QtWidgets:x86_64+0x4be60) #15 0x101da4b40 in Ms::ScoreView::event(QEvent*) events.cpp:70 #16 0x1075b3b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81) #17 0x1075b4e9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e) #18 0x10e075a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e) #19 0x1075e678e in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4478e) #20 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #21 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #22 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #23 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #24 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #25 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #26 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #27 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #28 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #29 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #30 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #31 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #32 0x1075e6f3b in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44f3b) #33 0x1075e6de8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8) #34 0x1075e6de8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8) #35 0x1075e6de8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8) #36 0x1075e6de8 in QWidgetPrivate::paintSiblingsRecursive(QPaintDevice*, QList const&, int, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x44de8) #37 0x1075e699b in QWidgetPrivate::drawWidget(QPaintDevice*, QRegion const&, QPoint const&, int, QPainter*, QWidgetBackingStore*) (QtWidgets:x86_64+0x4499b) #38 0x1075c0c88 in QWidgetBackingStore::doSync() (QtWidgets:x86_64+0x1ec88) #39 0x1075ee05a in QWidget::event(QEvent*) (QtWidgets:x86_64+0x4c05a) #40 0x10770d883 in QMainWindow::event(QEvent*) (QtWidgets:x86_64+0x16b883) #41 0x1075b3b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81) #42 0x1075b4e9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e) #43 0x10e075a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e) #44 0x10e076c31 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (QtCore:x86_64+0x1ecc31) #45 0x1142d3e8d in QCocoaEventDispatcherPrivate::processPostedEvents() (libqcocoa.dylib:x86_64+0x27e8d) #46 0x1142d4740 in QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) (libqcocoa.dylib:x86_64+0x28740) #47 0x7fff567aba20 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (CoreFoundation:x86_64+0x9fa20) #48 0x7fff5686326b in __CFRunLoopDoSource0 (CoreFoundation:x86_64+0x15726b) #49 0x7fff5678eaaf in __CFRunLoopDoSources0 (CoreFoundation:x86_64+0x82aaf) #50 0x7fff5678df2c in __CFRunLoopRun (CoreFoundation:x86_64+0x81f2c) #51 0x7fff5678d786 in CFRunLoopRunSpecific (CoreFoundation:x86_64+0x81786) #52 0x7fff55a9ae25 in RunCurrentEventLoopInMode (HIToolbox:x86_64+0x2fe25) #53 0x7fff55a9aa9e in ReceiveNextEventCommon (HIToolbox:x86_64+0x2fa9e) #54 0x7fff55a9a913 in _BlockUntilNextEventMatchingListInModeWithFilter (HIToolbox:x86_64+0x2f913) #55 0x7fff53d65f5e in _DPSNextEvent (AppKit:x86_64+0x41f5e) #56 0x7fff544fbb4b in -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] (AppKit:x86_64+0x7d7b4b) #57 0x7fff53d5ad6c in -[NSApplication run] (AppKit:x86_64+0x36d6c) #58 0x1142d353c in QCocoaEventDispatcher::processEvents(QFlags) (libqcocoa.dylib:x86_64+0x2753c) #59 0x10e071741 in QEventLoop::exec(QFlags) (QtCore:x86_64+0x1e7741) #60 0x10e076171 in QCoreApplication::exec() (QtCore:x86_64+0x1ec171) #61 0x102ca0354 in main musescore.cpp:6849 #62 0x10173b533 in start (mscore:x86_64+0x10000c533) 0x61100062e020 is located 160 bytes inside of 200-byte region [0x61100062df80,0x61100062e048) freed by thread T0 here: #0 0x10e46c14b in wrap__ZdlPv (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x6114b) #1 0x103b68ff1 in Ms::LedgerLine::~LedgerLine() ledgerline.h:31 #2 0x1035eaa15 in Ms::Chord::layoutPitched() chord.cpp:1760 #3 0x1035e3e57 in Ms::Chord::layout() chord.cpp:1721 #4 0x103acb180 in Ms::Score::layoutChords1(Ms::Segment*, int) layout.cpp:516 #5 0x103aefa6d in Ms::Score::getNextMeasure(Ms::LayoutContext&) layout.cpp:2438 #6 0x103b0a137 in Ms::Score::collectSystem(Ms::LayoutContext&) layout.cpp:3082 #7 0x103b2d0a9 in Ms::Score::doLayoutRange(int, int) layout.cpp:3829 #8 0x103688c28 in Ms::Score::update() cmd.cpp:221 #9 0x10368a096 in Ms::Score::endCmd(bool) cmd.cpp:179 #10 0x1036c6284 in Ms::Score::cmd(QAction const*, Ms::EditData&) cmd.cpp:3620 #11 0x10302b14a in Ms::ScoreView::cmd(char const*) scoreview.cpp:2286 #12 0x1030221f4 in Ms::ScoreView::cmd(QAction const*) scoreview.cpp:1739 #13 0x102c79923 in Ms::MuseScore::cmd(QAction*, QString const&) musescore.cpp:5585 #14 0x102c74795 in Ms::MuseScore::cmd(QAction*) musescore.cpp:5119 #15 0x101752ae2 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_musescore.cpp:747 #16 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #17 0x10176bb73 in Ms::ScoreTab::actionTriggered(QAction*) moc_scoretab.cpp:187 #18 0x10176add2 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_scoretab.cpp:100 #19 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #20 0x1075ace0f in QActionGroup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (QtWidgets:x86_64+0xae0f) #21 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #22 0x1075aa344 in QAction::activate(QAction::ActionEvent) (QtWidgets:x86_64+0x8344) #23 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #24 0x10e09e943 in QObject::event(QEvent*) (QtCore:x86_64+0x214943) #25 0x1075b3b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81) #26 0x1075b4e9e in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x12e9e) #27 0x10e075a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e) #28 0x10e076c31 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (QtCore:x86_64+0x1ecc31) #29 0x1142d3e8d in QCocoaEventDispatcherPrivate::processPostedEvents() (libqcocoa.dylib:x86_64+0x27e8d) previously allocated by thread T0 here: #0 0x10e46bb4b in wrap__Znwm (libclang_rt.asan_osx_dynamic.dylib:x86_64+0x60b4b) #1 0x1035d3298 in Ms::Chord::addLedgerLines() chord.cpp:757 #2 0x1035ecf3d in Ms::Chord::layoutPitched() chord.cpp:1873 #3 0x1035e3e57 in Ms::Chord::layout() chord.cpp:1721 #4 0x103af3cf7 in Ms::Score::getNextMeasure(Ms::LayoutContext&) layout.cpp:2556 #5 0x103b0a137 in Ms::Score::collectSystem(Ms::LayoutContext&) layout.cpp:3082 #6 0x103b244f8 in Ms::LayoutContext::collectPage() layout.cpp:3580 #7 0x103b3005d in Ms::LayoutContext::layout() layout.cpp:3890 #8 0x103b2dea0 in Ms::Score::doLayoutRange(int, int) layout.cpp:3863 #9 0x103688c28 in Ms::Score::update() cmd.cpp:221 #10 0x101eb72fd in Ms::readScore(Ms::MasterScore*, QString, bool) file.cpp:2237 #11 0x101eb52a5 in Ms::MuseScore::readScore(QString const&) file.cpp:331 #12 0x101eb4e20 in Ms::MuseScore::openScore(QString const&) file.cpp:312 #13 0x101eb2eac in Ms::MuseScore::loadFiles() file.cpp:293 #14 0x102c757f7 in Ms::MuseScore::cmd(QAction*, QString const&) musescore.cpp:5277 #15 0x102c74795 in Ms::MuseScore::cmd(QAction*) musescore.cpp:5119 #16 0x101752ae2 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) moc_musescore.cpp:747 #17 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #18 0x1075ace0f in QActionGroup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (QtWidgets:x86_64+0xae0f) #19 0x10e0a66a9 in QMetaObject::activate(QObject*, int, int, void**) (QtCore:x86_64+0x21c6a9) #20 0x1075aa344 in QAction::activate(QAction::ActionEvent) (QtWidgets:x86_64+0x8344) #21 0x1076ad498 in QAbstractButtonPrivate::click() (QtWidgets:x86_64+0x10b498) #22 0x1076ae75e in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (QtWidgets:x86_64+0x10c75e) #23 0x107790b8e in QToolButton::mouseReleaseEvent(QMouseEvent*) (QtWidgets:x86_64+0x1eeb8e) #24 0x1075edc9f in QWidget::event(QEvent*) (QtWidgets:x86_64+0x4bc9f) #25 0x1076ae2c0 in QAbstractButton::event(QEvent*) (QtWidgets:x86_64+0x10c2c0) #26 0x107791140 in QToolButton::event(QEvent*) (QtWidgets:x86_64+0x1ef140) #27 0x1075b3b81 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (QtWidgets:x86_64+0x11b81) #28 0x1075b691c in QApplication::notify(QObject*, QEvent*) (QtWidgets:x86_64+0x1491c) #29 0x10e075a7e in QCoreApplication::notifyInternal2(QObject*, QEvent*) (QtCore:x86_64+0x1eba7e) SUMMARY: AddressSanitizer: heap-use-after-free bsp.cpp:57 in Ms::FindItemBspTreeVisitor::visit(QList*) Shadow bytes around the buggy address: 0x1c22000c5bb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5bc0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5bd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5be0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5bf0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x1c22000c5c00: fd fd fd fd[fd]fd fd fd fd fa fa fa fa fa fa fa 0x1c22000c5c10: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5c20: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5c30: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa 0x1c22000c5c40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x1c22000c5c50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==4292==ABORTING Abort trap: 6