================================================================= ==3658==ERROR: AddressSanitizer: heap-use-after-free on address 0x611000c3ec80 at pc 0x1be11c5 bp 0x7fff8949ab70 sp 0x7fff8949ab68 READ of size 8 at 0x611000c3ec80 thread T0 #0 0x1be11c4 in Ms::FiguredBass::draw(QPainter*) const /home/antonio/MuseScore/libmscore/figuredbass.cpp:1188 #1 0x9e1771 in Ms::ScoreView::drawElements(QPainter&, QList const&) /home/antonio/MuseScore/mscore/scoreview.cpp:2300 #2 0x9ddc0b in Ms::ScoreView::paint(QRect const&, QPainter&) /home/antonio/MuseScore/mscore/scoreview.cpp:1889 #3 0x9db580 in Ms::ScoreView::paintEvent(QPaintEvent*) /home/antonio/MuseScore/mscore/scoreview.cpp:1670 #4 0x7f58ba87847b in QWidget::event(QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x19647b) #5 0x9f80c9 in Ms::ScoreView::event(QEvent*) /home/antonio/MuseScore/mscore/scoreview.cpp:4030 #6 0x7f58ba83c8f3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15a8f3) #7 0x7f58ba840505 in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15e505) #8 0x7f58bd3e6c83 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x2d6c83) #9 0x7f58ba8665d3 in QWidgetPrivate::sendPaintEvent(QRegion const&) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x1845d3) #10 0x7f58ba874efc (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x192efc) #11 0x7f58ba849950 (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x167950) #12 0x7f58ba849d33 (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x167d33) #13 0x7f58ba86aaad in QWidgetPrivate::syncBackingStore() (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x188aad) #14 0x7f58ba878a69 in QWidget::event(QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x196a69) #15 0x7f58ba995f8a in QMainWindow::event(QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x2b3f8a) #16 0x7f58ba83c8f3 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15a8f3) #17 0x7f58ba840505 in QApplication::notify(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Widgets.so.5+0x15e505) #18 0x7f58bd3e6c83 in QCoreApplication::notifyInternal(QObject*, QEvent*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x2d6c83) #19 0x7f58bd3e9867 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x2d9867) #20 0x7f58bd441122 (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x331122) #21 0x7f58b3ed4e03 in g_main_context_dispatch (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x48e03) #22 0x7f58b3ed5047 (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x49047) #23 0x7f58b3ed50eb in g_main_context_iteration (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x490eb) #24 0x7f58bd441553 in QEventDispatcherGlib::processEvents(QFlags) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x331553) #25 0x7f58bd3e4eaa in QEventLoop::exec(QFlags) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x2d4eaa) #26 0x7f58bd3e9dc4 in QCoreApplication::exec() (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x2d9dc4) #27 0xc62b98 in main /home/antonio/MuseScore/mscore/musescore.cpp:5026 #28 0x7f58b58ccec4 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21ec4) #29 0x9cbdc8 (/usr/local/bin/mscore+0x9cbdc8) 0x611000c3ec80 is located 0 bytes inside of 240-byte region [0x611000c3ec80,0x611000c3ed70) freed by thread T0 here: #0 0x7f58be001517 in operator delete(void*) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x55517) #1 0x1bd6a2f in Ms::FiguredBassItem::~FiguredBassItem() /home/antonio/MuseScore/libmscore/figuredbass.cpp:71 #2 0x1bdf182 in Ms::FiguredBass::~FiguredBass() /home/antonio/MuseScore/libmscore/figuredbass.cpp:972 #3 0x1bdf20d in Ms::FiguredBass::~FiguredBass() /home/antonio/MuseScore/libmscore/figuredbass.cpp:973 #4 0x1b70926 in Ms::AddElement::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:1461 #5 0x1b63894 in Ms::UndoCommand::cleanup(bool) /home/antonio/MuseScore/libmscore/undo.cpp:130 #6 0x1b6469e in Ms::UndoStack::endMacro(bool) /home/antonio/MuseScore/libmscore/undo.cpp:234 #7 0x1b94213 in Ms::Score::endCmd(bool) /home/antonio/MuseScore/libmscore/cmd.cpp:141 #8 0xc5831c in Ms::MuseScore::cmd(QAction*) /home/antonio/MuseScore/mscore/musescore.cpp:3905 #9 0x152c5c3 in Ms::MuseScore::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/antonio/MuseScore/build.debug/mscore/moc_musescore.cpp:810 #10 0x7f58bd418e79 in QMetaObject::activate(QObject*, int, int, void**) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x308e79) previously allocated by thread T0 here: #0 0x7f58be00109f in operator new(unsigned long) (/usr/lib/x86_64-linux-gnu/libasan.so.1+0x5509f) #1 0x1be1742 in Ms::FiguredBass::endEdit() /home/antonio/MuseScore/libmscore/figuredbass.cpp:1229 #2 0x11d3554 in Ms::ScoreView::endEdit() /home/antonio/MuseScore/mscore/editelement.cpp:101 #3 0xa06787 in Ms::ScoreView::figuredBassTab(bool, bool) /home/antonio/MuseScore/mscore/scoreview.cpp:5494 #4 0x10e96e4 in Ms::ScoreView::editKey(QKeyEvent*) /home/antonio/MuseScore/mscore/keyb.cpp:195 #5 0xa1826b in Ms::EditKeyTransition::onTransition(QEvent*) (/usr/local/bin/mscore+0xa1826b) #6 0x7f58bd44de07 in QStateMachinePrivate::executeTransitionContent(QEvent*, QList const&) (/home/antonio/Qt5.4.0/5.4/gcc_64/lib/libQt5Core.so.5+0x33de07) SUMMARY: AddressSanitizer: heap-use-after-free /home/antonio/MuseScore/libmscore/figuredbass.cpp:1188 Ms::FiguredBass::draw(QPainter*) const Shadow bytes around the buggy address: 0x0c228017fd40: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c228017fd50: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c228017fd60: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c228017fd70: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c228017fd80: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa =>0x0c228017fd90:[fd]fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c228017fda0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa 0x0c228017fdb0: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd 0x0c228017fdc0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd 0x0c228017fdd0: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fa fa 0x0c228017fde0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Heap right redzone: fb Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack partial redzone: f4 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Contiguous container OOB:fc ASan internal: fe ==3658==ABORTING