=================================================================
==2296==ERROR: AddressSanitizer: heap-use-after-free on address 0x621000af0108 at pc 0xa19606 bp 0x7fff073a98f0 sp 0x7fff073a98e8
READ of size 1 at 0x621000af0108 thread T0
    #0 0xa19605 in Ms::Drumset::isValid(int) const /home/antonio/MuseScore/libmscore/drumset.h:53
    #1 0xfa4cf4 in Ms::DrumTools::updateDrumset() /home/antonio/MuseScore/mscore/drumtools.cpp:94
    #2 0xc60636 in Ms::MuseScore::updateDrumTools() /home/antonio/MuseScore/mscore/musescore.cpp:4413
    #3 0xfa5b0c in Ms::DrumTools::editDrumset() /home/antonio/MuseScore/mscore/drumtools.cpp:157
    #4 0x152743e in Ms::DrumTools::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_drumtools.cpp:74
    #5 0x7f0e2bcb3019 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x309019)
    #6 0x7f0e29443bd1 in QAbstractButton::clicked(bool) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x506bd1)
    #7 0x7f0e29197062 (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x25a062)
    #8 0x7f0e29197979 (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x25a979)
    #9 0x7f0e29197b83 in QAbstractButton::mouseReleaseEvent(QMouseEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x25ab83)
    #10 0x7f0e2925c1f9 in QToolButton::mouseReleaseEvent(QMouseEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x31f1f9)
    #11 0x7f0e290d3b9b in QWidget::event(QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x196b9b)
    #12 0x7f0e2925d08f in QToolButton::event(QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x32008f)
    #13 0x7f0e290982b3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15b2b3)
    #14 0x7f0e2909ba4b in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15ea4b)
    #15 0x7f0e2bc80e23 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x2d6e23)
    #16 0x7f0e2909a977 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer&, bool) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15d977)
    #17 0x7f0e290eeb56 (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x1b1b56)
    #18 0x7f0e290f1647 (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x1b4647)
    #19 0x7f0e290982b3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15b2b3)
    #20 0x7f0e2909bc85 in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15ec85)
    #21 0x7f0e2bc80e23 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x2d6e23)
    #22 0x7f0e2b2d9fa6 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Gui.so.5+0xedfa6)
    #23 0x7f0e2b2daa34 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Gui.so.5+0xeea34)
    #24 0x7f0e2b2bf727 in QWindowSystemInterface::sendWindowSystemEvents(QFlags) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Gui.so.5+0xd3727)
    #25 0x7f0e188a4a0f (/home/antonio/Qt5.4.1/5.4/gcc_64/plugins/platforms/libqxcb.so+0xb3a0f)
    #26 0x7f0e22730e03 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03)
    #27 0x7f0e22731047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047)
    #28 0x7f0e227310eb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb)
    #29 0x7f0e2bcdb5e3 in QEventDispatcherGlib::processEvents(QFlags) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x3315e3)
    #30 0x7f0e2bc7f04a in QEventLoop::exec(QFlags) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x2d504a)
    #31 0x7f0e2bc83f64 in QCoreApplication::exec() (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x2d9f64)
    #32 0xc65833 in main /home/antonio/MuseScore/mscore/musescore.cpp:5013
    #33 0x7f0e24128ec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4)
    #34 0x9cf0b8 (/usr/local/bin/mscore+0x9cf0b8)

0x621000af0108 is located 8 bytes inside of 4096-byte region [0x621000af0100,0x621000af1100)
freed by thread T0 here:
    #0 0x7f0e2c89b517 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55517)
    #1 0x18f1a10 in Ms::Instrument::setDrumset(Ms::Drumset const*) /home/antonio/MuseScore/libmscore/instrument.cpp:738
    #2 0xfa5ad6 in Ms::DrumTools::editDrumset() /home/antonio/MuseScore/mscore/drumtools.cpp:156
    #3 0x152743e in Ms::DrumTools::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_drumtools.cpp:74
    #4 0x7f0e2bcb3019 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x309019)

previously allocated by thread T0 here:
    #0 0x7f0e2c89b09f in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5509f)
    #1 0x18f1a7d in Ms::Instrument::setDrumset(Ms::Drumset const*) /home/antonio/MuseScore/libmscore/instrument.cpp:741
    #2 0x18e93b0 in Ms::Instrument::Instrument(Ms::Instrument const&) /home/antonio/MuseScore/libmscore/instrument.cpp:109
    #3 0x19b21e7 in Ms::Part::setInstrument(Ms::Instrument const&&, int) /home/antonio/MuseScore/libmscore/part.cpp:326
    #4 0x19b08b1 in Ms::Part::initFromInstrTemplate(Ms::InstrumentTemplate const*) /home/antonio/MuseScore/libmscore/part.cpp:47
    #5 0xb174f7 in Ms::InstrumentsWidget::createInstruments(Ms::Score*) /home/antonio/MuseScore/mscore/instrwidget.cpp:975
    #6 0xe153a5 in Ms::NewWizardPage2::createInstruments(Ms::Score*) /home/antonio/MuseScore/mscore/newwizard.cpp:232
    #7 0x10e6e99 in Ms::NewWizard::createInstruments(Ms::Score*) /home/antonio/MuseScore/mscore/newwizard.h:191
    #8 0x10ca483 in Ms::MuseScore::newFile() /home/antonio/MuseScore/mscore/file.cpp:541
    #9 0xc5c714 in Ms::MuseScore::cmd(QAction*, QString const&) /home/antonio/MuseScore/mscore/musescore.cpp:4002
    #10 0xc5adfc in Ms::MuseScore::cmd(QAction*) /home/antonio/MuseScore/mscore/musescore.cpp:3875
    #11 0x153c149 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_musescore.cpp:810
    #12 0x7f0e2bcb3019 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.4.1/5.4/gcc_64/lib/libQt5Core.so.5+0x309019)

SUMMARY: AddressSanitizer: heap-use-after-free /home/antonio/MuseScore/libmscore/drumset.h:53 Ms::Drumset::isValid(int) const
Shadow bytes around the buggy address:
  0x0c4280155fd0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280155fe0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280155ff0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280156000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c4280156010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c4280156020: fd[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280156030: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280156040: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280156050: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280156060: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c4280156070: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable: 00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone: fa
  Heap right redzone: fb
  Freed heap region: fd
  Stack left redzone: f1
  Stack mid redzone: f2
  Stack right redzone: f3
  Stack partial redzone: f4
  Stack after return: f5
  Stack use after scope: f8
  Global redzone: f9
  Global init order: f6
  Poisoned by user: f7
  Contiguous container OOB:fc
  ASan internal: fe
==2296==ABORTING