RemoveElement::cleanup: delete 1 Tuplet RemoveElement::cleanup: delete 1 Chord ================================================================= ==6271==ERROR: AddressSanitizer: heap-use-after-free on address 0x614000416d18 at pc 0xa28c0e bp 0x7fffa81e1390 sp 0x7fffa81e1388 READ of size 8 at 0x614000416d18 thread T0 #0 0xa28c0d in QListData::isEmpty() const /home/antonio/Qt5.3.2/5.3/gcc_64/include/QtCore/qlist.h:97 #1 0xc25931 in QList::isEmpty() const /home/antonio/Qt5.3.2/5.3/gcc_64/include/QtCore/qlist.h:162 #2 0x1b30ac8 in Ms::DurationElement::~DurationElement() /home/antonio/MuseScore/libmscore/duration.cpp:49 #3 0x17a4190 in Ms::ChordRest::~ChordRest() /home/antonio/MuseScore/libmscore/chordrest.cpp:132 #4 0x175b2be in Ms::Chord::~Chord() /home/antonio/MuseScore/libmscore/chord.cpp:302 #5 0x175b2f3 in Ms::Chord::~Chord() /home/antonio/MuseScore/libmscore/chord.cpp:320 #6 0x1acc55b in Ms::RemoveElement::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:1624 #7 0x1abd728 in Ms::UndoCommand::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:130 #8 0x1abdf14 in Ms::UndoStack::~UndoStack() /home/antonio/MuseScore/libmscore/undo.cpp:197 #9 0x193a19c in Ms::Score::~Score() /home/antonio/MuseScore/libmscore/score.cpp:426 #10 0x193a59d in Ms::Score::~Score() /home/antonio/MuseScore/libmscore/score.cpp:430 #11 0xc520d2 in Ms::MuseScore::removeTab(int) /home/antonio/MuseScore/mscore/musescore.cpp:1864 #12 0x995b64 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_musescore.cpp:776 #13 0x7f257313b870 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x300870) #14 0x9b5102 in Ms::ScoreTab::tabCloseRequested(int) /home/antonio/MuseScore/build.debug/mscore/moc_scoretab.cpp:181 #15 0x9b44c9 in Ms::ScoreTab::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_scoretab.cpp:92 #16 0x7f257313b870 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x300870) #17 0x7f25707ba720 in QTabBar::tabCloseRequested(int) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x2e6720) #18 0x7f257313b870 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x300870) #19 0x7f25709abee1 in QAbstractButton::clicked(bool) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x4d7ee1) #20 0x7f2570719f82 (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x245f82) #21 0x7f257071a899 (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x246899) #22 0x7f257071aaa3 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x246aa3) #23 0x7f25706528b6 in QWidget::event(QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x17e8b6) #24 0x7f257061a723 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x146723) #25 0x7f257061db1b in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x149b1b) #26 0x7f2573109fc3 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x2cefc3) #27 0x7f257061cc89 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer&, bool) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x148c89) #28 0x7f2570672b26 (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x19eb26) #29 0x7f2570675677 (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x1a1677) #30 0x7f257061a723 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x146723) #31 0x7f257061dd45 in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Widgets.so.5+0x149d45) #32 0x7f2573109fc3 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x2cefc3) #33 0x7f25727febf6 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Gui.so.5+0xe8bf6) #34 0x7f25727ff5f4 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Gui.so.5+0xe95f4) #35 0x7f25727e45b7 in QWindowSystemInterface::sendWindowSystemEvents(QFlags) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Gui.so.5+0xce5b7) #36 0x7f2560443a6f (/home/antonio/Qt5.3.2/5.3/gcc_64/plugins/platforms/libqxcb.so+0xada6f) #37 0x7f2569f94e03 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03) #38 0x7f2569f95047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047) #39 0x7f2569f950eb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb) #40 0x7f2573164683 in QEventDispatcherGlib::processEvents(QFlags) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x329683) #41 0x7f25731081da in QEventLoop::exec(QFlags) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x2cd1da) #42 0x7f257310d0a4 in QCoreApplication::exec() (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x2d20a4) #43 0xc73785 in main /home/antonio/MuseScore/mscore/musescore.cpp:4953 #44 0x7f256b95dec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4) #45 0x98de18 (/usr/local/bin/mscore+0x98de18) 0x614000416d18 is located 216 bytes inside of 440-byte region [0x614000416c40,0x614000416df8) freed by thread T0 here: #0 0x7f2573d24517 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55517) #1 0x1a5c1b9 in Ms::Tuplet::~Tuplet() /home/antonio/MuseScore/libmscore/tuplet.cpp:81 #2 0x1acc55b in Ms::RemoveElement::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:1624 #3 0x1abd728 in Ms::UndoCommand::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:130 #4 0x1abdf14 in Ms::UndoStack::~UndoStack() /home/antonio/MuseScore/libmscore/undo.cpp:197 #5 0x193a19c in Ms::Score::~Score() /home/antonio/MuseScore/libmscore/score.cpp:426 #6 0x193a59d in Ms::Score::~Score() /home/antonio/MuseScore/libmscore/score.cpp:430 #7 0xc520d2 in Ms::MuseScore::removeTab(int) /home/antonio/MuseScore/mscore/musescore.cpp:1864 #8 0x995b64 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_musescore.cpp:776 #9 0x7f257313b870 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x300870) previously allocated by thread T0 here: #0 0x7f2573d2409f in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5509f) #1 0x18c2b1a in Ms::Measure::read(Ms::XmlReader&, int) /home/antonio/MuseScore/libmscore/measure.cpp:2230 #2 0x1b0c2c4 in Ms::Score::readStaff(Ms::XmlReader&) /home/antonio/MuseScore/libmscore/scorefile.cpp:314 #3 0x1b5e821 in Ms::Score::read114(Ms::XmlReader&) /home/antonio/MuseScore/libmscore/read114.cpp:363 #4 0x1b12385 in Ms::Score::read1(Ms::XmlReader&, bool) /home/antonio/MuseScore/libmscore/scorefile.cpp:898 #5 0x1b10de2 in Ms::Score::loadCompressedMsc(QString, bool) /home/antonio/MuseScore/libmscore/scorefile.cpp:768 #6 0x1b11362 in Ms::Score::loadMsc(QString, bool) /home/antonio/MuseScore/libmscore/scorefile.cpp:809 #7 0x10ce925 in Ms::readScore(Ms::Score*, QString, bool) /home/antonio/MuseScore/mscore/file.cpp:1945 #8 0x10b8814 in Ms::MuseScore::readScore(QString const&) /home/antonio/MuseScore/mscore/file.cpp:314 #9 0x10b85b8 in Ms::MuseScore::openScore(QString const&) /home/antonio/MuseScore/mscore/file.cpp:294 #10 0x10b8155 in Ms::MuseScore::loadFiles() /home/antonio/MuseScore/mscore/file.cpp:275 #11 0xc6a0a7 in Ms::MuseScore::cmd(QAction*, QString const&) /home/antonio/MuseScore/mscore/musescore.cpp:3923 #12 0xc68c5a in Ms::MuseScore::cmd(QAction*) /home/antonio/MuseScore/mscore/musescore.cpp:3822 #13 0x9966f7 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_musescore.cpp:803 #14 0x7f257313b870 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.3.2/5.3/gcc_64/lib/libQt5Core.so.5+0x300870) SUMMARY: AddressSanitizer: heap-use-after-free /home/antonio/Qt5.3.2/5.3/gcc_64/include/QtCore/qlist.h:97 QListData::isEmpty() const Shadow bytes around the buggy address: 0x0c288007ad50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c288007ad60: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c288007ad70: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa 0x0c288007ad80: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c288007ad90: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd =>0x0c288007ada0: fd fd fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd 0x0c288007adb0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa 0x0c288007adc0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c288007add0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c288007ade0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c288007adf0: fd fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==6271==ABORTING