================================================================= ==10520==ERROR: AddressSanitizer: heap-use-after-free on address 0x614001735b48 at pc 0x558da56d5efd bp 0x7fff50fc1100 sp 0x7fff50fc10f0 READ of size 8 at 0x614001735b48 thread T0 #0 0x558da56d5efc in QListData::isEmpty() const /Qt/5.12.8/gcc_64/include/QtCore/qlist.h:114 #1 0x558da7a83345 in QList::isEmpty() const /Qt/5.12.8/gcc_64/include/QtCore/qlist.h:195 #2 0x558da8026b5b in Ms::TextBase::selectAll(Ms::TextCursor*) /MuseScore/libmscore/textbase.cpp:1871 #3 0x558da800737d in Ms::TextCursor::changeSelectionFormat(Ms::FormatId, QVariant) /MuseScore/libmscore/textbase.cpp:155 #4 0x558da8009503 in Ms::TextCursor::setFormat(Ms::FormatId, QVariant) /MuseScore/libmscore/textbase.cpp:245 #5 0x558da8024b21 in Ms::TextBase::setFamily(QString const&) /MuseScore/libmscore/textbase.cpp:1699 #6 0x558da8035aaa in Ms::TextBase::setProperty(Ms::Pid, QVariant const&) /MuseScore/libmscore/textbase.cpp:2601 #7 0x558da803900c in Ms::TextBase::styleChanged() /MuseScore/libmscore/textbase.cpp:2788 #8 0x558da7d79de5 in updateStyle /MuseScore/libmscore/score.cpp:1293 #9 0x558da7991fbb in Ms::Element::scanElements(void*, void (*)(void*, Ms::Element*), bool) /MuseScore/libmscore/element.cpp:235 #10 0x558da7df3462 in Ms::Segment::scanElements(void*, void (*)(void*, Ms::Element*), bool) /MuseScore/libmscore/segment.cpp:1210 #11 0x558da7c102c5 in Ms::Measure::scanElements(void*, void (*)(void*, Ms::Element*), bool) /MuseScore/libmscore/measure.cpp:2588 #12 0x558da7d809e5 in Ms::Score::scanElements(void*, void (*)(void*, Ms::Element*), bool) /MuseScore/libmscore/score.cpp:1898 #13 0x558da7d79e74 in Ms::Score::styleChanged() /MuseScore/libmscore/score.cpp:1304 #14 0x558da8154ddb in Ms::ChangeStyleVal::flip(Ms::EditData*) /MuseScore/libmscore/undo.cpp:1723 #15 0x558da8133189 in Ms::UndoCommand::redo(Ms::EditData*) /MuseScore/libmscore/undo.cpp:172 #16 0x558da8135b0a in Ms::UndoStack::push(Ms::UndoCommand*, Ms::EditData*) /MuseScore/libmscore/undo.cpp:318 #17 0x558da7da3151 in Ms::Score::undo(Ms::UndoCommand*, Ms::EditData*) const /MuseScore/libmscore/score.cpp:3756 #18 0x558da81bfb8d in Ms::Score::cmdToggleMmrest() /MuseScore/libmscore/cmd.cpp:3905 #19 0x558da81c8d42 in operator() /MuseScore/libmscore/cmd.cpp:4383 #20 0x558da820ef3b in _M_invoke /usr/include/c++/7/bits/std_function.h:316 #21 0x558da8231884 in std::function::operator()(Ms::Score*, Ms::EditData&) const /usr/include/c++/7/bits/std_function.h:706 #22 0x558da81cf532 in Ms::Score::cmd(QAction const*, Ms::EditData&) /MuseScore/libmscore/cmd.cpp:4404 #23 0x558da60f11ec in Ms::ScoreView::cmd(char const*) /MuseScore/mscore/scoreview.cpp:2804 #24 0x558da60db900 in Ms::ScoreView::cmd(QAction const*) /MuseScore/mscore/scoreview.cpp:2015 #25 0x558da56972d6 in Ms::MuseScore::cmd(QAction*, QString const&) /MuseScore/mscore/musescore.cpp:6874 #26 0x558da568a1f9 in Ms::MuseScore::cmd(QAction*) /MuseScore/mscore/musescore.cpp:6295 #27 0x558da5ef7ff4 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_musescore.cpp:513 #28 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #29 0x558da5f5feba in Ms::ScoreTab::actionTriggered(QAction*) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:225 #30 0x558da5f5e323 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:110 #31 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #32 0x7f98586dee4e in QActionGroup::triggered(QAction*) .moc/moc_qactiongroup.cpp:246 #33 0x7f98586dfa08 in QActionGroup::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) .moc/moc_qactiongroup.cpp:119 #34 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #35 0x7f98586db951 in QAction::triggered(bool) .moc/moc_qaction.cpp:380 #36 0x7f98586ddd6f in QAction::activate(QAction::ActionEvent) kernel/qaction.cpp:1166 #37 0x7f98586de62c in QAction::event(QEvent*) kernel/qaction.cpp:1092 #38 0x7f98586e192b in QApplicationPrivate::notify_helper(QObject*, QEvent*) kernel/qapplication.cpp:3700 #39 0x7f98586e8b0f in QApplication::notify(QObject*, QEvent*) kernel/qapplication.cpp:3446 #40 0x7f984f426347 in QCoreApplication::notifyInternal2(QObject*, QEvent*) kernel/qcoreapplication.cpp:1088 #41 0x7f9850516fd2 in QShortcutMap::dispatchEvent(QKeyEvent*) kernel/qshortcutmap.cpp:700 #42 0x7f9850517098 in QShortcutMap::tryShortcut(QKeyEvent*) kernel/qshortcutmap.cpp:351 #43 0x7f98504ce951 in QWindowSystemInterface::handleShortcutEvent(QWindow*, unsigned long, int, QFlags, unsigned int, unsigned int, unsigned int, QString const&, bool, unsigned short) kernel/qwindowsysteminterface.cpp:465 #44 0x7f98504e8c73 in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) kernel/qguiapplication.cpp:2214 #45 0x7f98504ed984 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) kernel/qguiapplication.cpp:1848 #46 0x7f98504caf9a in QWindowSystemInterface::sendWindowSystemEvents(QFlags) kernel/qwindowsysteminterface.cpp:1151 #47 0x7f984019fce9 in xcbSourceDispatch(_GSource*, int (*)(void*), void*) (/Qt/5.12.8/gcc_64/plugins/platforms/../../lib/libQt5XcbQpa.so.5+0x6bce9) #48 0x7f9846957416 in g_main_context_dispatch (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c416) #49 0x7f984695764f (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c64f) #50 0x7f98469576db in g_main_context_iteration (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x4c6db) #51 0x7f984f47d75e in QEventDispatcherGlib::processEvents(QFlags) kernel/qeventdispatcher_glib.cpp:422 #52 0x7f984f424c09 in QEventLoop::exec(QFlags) kernel/qeventloop.cpp:225 #53 0x7f984f42d64f in QCoreApplication::exec() kernel/qcoreapplication.cpp:1389 #54 0x558da56bdbbf in Ms::runApplication(int&, char**) /MuseScore/mscore/musescore.cpp:8226 #55 0x558da55eb674 in main /MuseScore/main/main.cpp:111 #56 0x7f984db1fb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #57 0x558da55eb349 in _start (/usr/local/bin/mscore+0x75c7349) 0x614001735b48 is located 264 bytes inside of 424-byte region [0x614001735a40,0x614001735be8) freed by thread T0 here: #0 0x7f985bc7f2c0 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe12c0) #1 0x558da7c3f515 in Ms::StaffText::~StaffText() /MuseScore/libmscore/stafftext.h:26 #2 0x558da5b6a656 in std::default_delete::operator()(Ms::Element*) const /usr/include/c++/7/bits/unique_ptr.h:78 #3 0x558da5b6440d in std::unique_ptr >::~unique_ptr() /usr/include/c++/7/bits/unique_ptr.h:263 #4 0x558da8318ede in Ms::Score::cmdPaste(QMimeData const*, Ms::MuseScoreView*, Ms::Fraction) /MuseScore/libmscore/paste.cpp:990 #5 0x558da60daee0 in Ms::ScoreView::normalPaste(Ms::Fraction) /MuseScore/mscore/scoreview.cpp:1968 #6 0x558da60dc032 in operator() /MuseScore/mscore/scoreview.cpp:2062 #7 0x558da613a12b in _M_invoke /usr/include/c++/7/bits/std_function.h:316 #8 0x558da617f5dc in std::function::operator()(Ms::ScoreView*, QByteArray const&) const (/usr/local/bin/mscore+0x815b5dc) #9 0x558da60f1096 in Ms::ScoreView::cmd(char const*) /MuseScore/mscore/scoreview.cpp:2800 #10 0x558da60db900 in Ms::ScoreView::cmd(QAction const*) /MuseScore/mscore/scoreview.cpp:2015 #11 0x558da56972d6 in Ms::MuseScore::cmd(QAction*, QString const&) /MuseScore/mscore/musescore.cpp:6874 #12 0x558da568a1f9 in Ms::MuseScore::cmd(QAction*) /MuseScore/mscore/musescore.cpp:6295 #13 0x558da5ef7ff4 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_musescore.cpp:513 #14 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #15 0x558da5f5feba in Ms::ScoreTab::actionTriggered(QAction*) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:225 #16 0x558da5f5e323 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:110 #17 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #18 0x7f98586dee4e in QActionGroup::triggered(QAction*) .moc/moc_qactiongroup.cpp:246 #19 0x7f98586db951 in QAction::triggered(bool) .moc/moc_qaction.cpp:380 previously allocated by thread T0 here: #0 0x7f985bc7e448 in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe0448) #1 0x558da79a2f35 in Ms::Element::create(Ms::ElementType, Ms::Score*) /MuseScore/libmscore/element.cpp:1089 #2 0x558da79a20e5 in Ms::Element::readMimeData(Ms::Score*, QByteArray const&, QPointF*, Ms::Fraction*) /MuseScore/libmscore/element.cpp:1028 #3 0x558da8318081 in Ms::Score::cmdPaste(QMimeData const*, Ms::MuseScoreView*, Ms::Fraction) /MuseScore/libmscore/paste.cpp:984 #4 0x558da60daee0 in Ms::ScoreView::normalPaste(Ms::Fraction) /MuseScore/mscore/scoreview.cpp:1968 #5 0x558da60dc032 in operator() /MuseScore/mscore/scoreview.cpp:2062 #6 0x558da613a12b in _M_invoke /usr/include/c++/7/bits/std_function.h:316 #7 0x558da617f5dc in std::function::operator()(Ms::ScoreView*, QByteArray const&) const (/usr/local/bin/mscore+0x815b5dc) #8 0x558da60f1096 in Ms::ScoreView::cmd(char const*) /MuseScore/mscore/scoreview.cpp:2800 #9 0x558da60db900 in Ms::ScoreView::cmd(QAction const*) /MuseScore/mscore/scoreview.cpp:2015 #10 0x558da56972d6 in Ms::MuseScore::cmd(QAction*, QString const&) /MuseScore/mscore/musescore.cpp:6874 #11 0x558da568a1f9 in Ms::MuseScore::cmd(QAction*) /MuseScore/mscore/musescore.cpp:6295 #12 0x558da5ef7ff4 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_musescore.cpp:513 #13 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #14 0x558da5f5feba in Ms::ScoreTab::actionTriggered(QAction*) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:225 #15 0x558da5f5e323 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /MuseScore/build.debug/mscore/mscoreapp_autogen/EWIEGA46WW/moc_scoretab.cpp:110 #16 0x7f984f451e38 in QMetaObject::activate(QObject*, int, int, void**) kernel/qobject.cpp:3804 #17 0x7f98586dee4e in QActionGroup::triggered(QAction*) .moc/moc_qactiongroup.cpp:246 #18 0x7f98586db951 in QAction::triggered(bool) .moc/moc_qaction.cpp:380 SUMMARY: AddressSanitizer: heap-use-after-free /Qt/5.12.8/gcc_64/include/QtCore/qlist.h:114 in QListData::isEmpty() const Shadow bytes around the buggy address: 0x0c28802deb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c28802deb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0c28802deb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fa fa 0x0c28802deb40: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c28802deb50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c28802deb60: fd fd fd fd fd fd fd fd fd[fd]fd fd fd fd fd fd 0x0c28802deb70: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa 0x0c28802deb80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c28802deb90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c28802deba0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c28802debb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==10520==ABORTING