SIGSEGV when closing empty PianoRoll

[psilhavy]

Platform : Linux chaos 4.0.2 SMP x86_64 , qt-4.8.5
LMMS Version 1.1.3
LMMS from git stable-1.1
How to cause SIGSEGV :

• open empty PianoRoll
• hit ^W

Program received signal SIGSEGV, Segmentation fault.
0x00000000004888fc in PianoRoll::focusOutEvent (this=0x217e890)
    at /usr/src/lmms/src/gui/PianoRoll.cpp:3637
3637                    m_pattern->instrumentTrack()->pianoModel()->midiEventProcessor()->processInEvent( MidiEvent( MidiNoteOff, -1, i, 0 ) );
(gdb) p MidiNoteOff
$1 = MidiNoteOff
(gdb) p m_pattern 
$2 = (Pattern *) 0x0
(gdb) bt
#0  0x00000000004888fc in PianoRoll::focusOutEvent (this=0x217e890)
    at /usr/src/lmms/src/gui/PianoRoll.cpp:3637
#1  0x00007fa026adce36 in QWidget::event(QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#2  0x00007fa026a8dc5c in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    () from /usr/lib64/libQtGui.so.4
#3  0x00007fa026a94220 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#4  0x00007fa0262ddc5d in QCoreApplication::notifyInternal(QObject*, QEvent*)
    () from /usr/lib64/libQtCore.so.4
#5  0x00007fa026a922c2 in QApplicationPrivate::setFocusWidget(QWidget*, Qt::FocusReason) () from /usr/lib64/libQtGui.so.4
#6  0x00007fa026ad82eb in QWidget::setFocus(Qt::FocusReason) ()
   from /usr/lib64/libQtGui.so.4
#7  0x00007fa026ad85e7 in QWidget::focusNextPrevChild(bool) ()
   from /usr/lib64/libQtGui.so.4
#8  0x00007fa026ad9305 in QWidgetPrivate::hide_helper() ()
   from /usr/lib64/libQtGui.so.4
#9  0x00007fa026adc518 in QWidget::setVisible(bool) ()
   from /usr/lib64/libQtGui.so.4
#10 0x0000000000488776 in hide (this=<optimized out>)
    at /usr/lib64/qt/include/QtGui/qwidget.h:501
#11 PianoRoll::closeEvent (this=0x217e890, _ce=0x7ffc61d48bc0)
---Type <return> to continue, or q <return> to quit--- 
    at /usr/src/lmms/src/gui/PianoRoll.cpp:1113
#12 0x00007fa026adcd8e in QWidget::event(QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#13 0x00007fa026a8dc5c in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    () from /usr/lib64/libQtGui.so.4
#14 0x00007fa026a94220 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#15 0x00007fa0262ddc5d in QCoreApplication::notifyInternal(QObject*, QEvent*)
    () from /usr/lib64/libQtCore.so.4
#16 0x00007fa026ad95e9 in QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) () from /usr/lib64/libQtGui.so.4
#17 0x00007fa026eadec4 in QMdiSubWindow::closeEvent(QCloseEvent*) ()
   from /usr/lib64/libQtGui.so.4
#18 0x00007fa026adcd8e in QWidget::event(QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#19 0x00007fa026ead75b in QMdiSubWindow::event(QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#20 0x00007fa026a8dc5c in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    () from /usr/lib64/libQtGui.so.4
#21 0x00007fa026a94220 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#22 0x00007fa0262ddc5d in QCoreApplication::notifyInternal(QObject*, QEvent*)
    () from /usr/lib64/libQtCore.so.4
---Type <return> to continue, or q <return> to quit---
#23 0x00007fa026ad95e9 in QWidgetPrivate::close_helper(QWidgetPrivate::CloseMode) () from /usr/lib64/libQtGui.so.4
#24 0x00007fa026ada2d6 in ?? () from /usr/lib64/libQtGui.so.4
#25 0x00007fa0262f17c8 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#26 0x00007fa026a87b02 in QAction::triggered(bool) ()
   from /usr/lib64/libQtGui.so.4
#27 0x00007fa026a894d3 in QAction::activate(QAction::ActionEvent) ()
   from /usr/lib64/libQtGui.so.4
#28 0x00007fa026a8962c in QAction::event(QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#29 0x00007fa026a8dc5c in QApplicationPrivate::notify_helper(QObject*, QEvent*)
    () from /usr/lib64/libQtGui.so.4
#30 0x00007fa026a94220 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#31 0x00007fa0262ddc5d in QCoreApplication::notifyInternal(QObject*, QEvent*)
    () from /usr/lib64/libQtCore.so.4
#32 0x00007fa026abef16 in ?? () from /usr/lib64/libQtGui.so.4
#33 0x00007fa026abf044 in ?? () from /usr/lib64/libQtGui.so.4
#34 0x00007fa026a954f3 in QApplication::notify(QObject*, QEvent*) ()
   from /usr/lib64/libQtGui.so.4
#35 0x00007fa0262ddc5d in QCoreApplication::notifyInternal(QObject*, QEvent*)
    () from /usr/lib64/libQtCore.so.4
---Type <return> to continue, or q <return> to quit---
#36 0x00007fa026b27be9 in ?? () from /usr/lib64/libQtGui.so.4
#37 0x00007fa026b27f68 in ?? () from /usr/lib64/libQtGui.so.4
#38 0x00007fa026b0441f in QApplication::x11ProcessEvent(_XEvent*) ()
   from /usr/lib64/libQtGui.so.4
#39 0x00007fa026b2a6f2 in ?? () from /usr/lib64/libQtGui.so.4
#40 0x00007fa0237a9316 in g_main_context_dispatch ()
   from /usr/lib64/libglib-2.0.so.0
#41 0x00007fa0237a9668 in ?? () from /usr/lib64/libglib-2.0.so.0
#42 0x00007fa0237a970c in g_main_context_iteration ()
   from /usr/lib64/libglib-2.0.so.0
#43 0x00007fa02630a7b6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#44 0x00007fa026b2a786 in ?? () from /usr/lib64/libQtGui.so.4
#45 0x00007fa0262dc8bf in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#46 0x00007fa0262dcbb5 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#47 0x00007fa0262e1ccb in QCoreApplication::exec() ()
   from /usr/lib64/libQtCore.so.4
#48 0x000000000047f550 in main (argc=1, argv=0x7ffc61d483e0)
    at /usr/src/lmms/src/core/main.cpp:529

[tresf]

Thanks for submitting the bug report. Please surround stacktraces in ``` tags. I've done this for you out of courtesy.

Also, can you edit your original bug report with specific information about how to reproduce. This must include:

• Platform, OS, Arch, etc.
• LMMS Version
• Where you got LMMS from
• Step-by-step instructions for a developer to reproduce the crash in an identical environment

-Tres

[psilhavy]

Platform : Linux chaos 4.0.2 SMP x86_64 , qt-4.8.5
LMMS Version 1.1.3
LMMS from git stable-1.1
How to cause SIGSEGV :

• open empty PianoRoll
• hit ^W

[tresf]

@psilhavy, thanks, we'll take a look.

[softrabbit]

Looks like this might be fixed in master? I get the crash on stable-1.1 but not on master.
LMMS 1.1.3 (Linux i386, Qt 4.8.6, GCC 4.8.2), Ubuntu 14.04.2 LTS

[Wallacoloo]

Not affecting me on master either - using Ubuntu 15.04 & gcc 4.9.

[tresf]

Since we've no plans to patch stable-1.1 at this point, this likely won't receive a patch but instead be fixed after upgrading to the future stable-1.2 release. If it is determined that we need to backport a fix, we can do that too, but we'd the demand to be present . 👍

[ThomasJClark]

I guess there wouldn't be interest in a PR for this fix (let me know if I'm wrong about this), but since it's stupid simple, here's the patch I've been using. In case anyone finds it useful.

diff --git a/src/gui/PianoRoll.cpp b/src/gui/PianoRoll.cpp
index 01a5de0..33862ae 100644
--- a/src/gui/PianoRoll.cpp
+++ b/src/gui/PianoRoll.cpp
@@ -3632,12 +3632,15 @@ void PianoRoll::wheelEvent( QWheelEvent * _we )

 void PianoRoll::focusOutEvent( QFocusEvent * )
 {
-       for( int i = 0; i < NumKeys; ++i )
+       if( hasValidPattern() )
        {
-               m_pattern->instrumentTrack()->pianoModel()->midiEventProcessor()->processInEvent( MidiEvent( MidiNoteOff, -1, i, 0 ) );
-               m_pattern->instrumentTrack()->pianoModel()->setKeyState( i, false );
+               for( int i = 0; i < NumKeys; ++i )
+               {
+                       m_pattern->instrumentTrack()->pianoModel()->midiEventProcessor()->processInEvent( MidiEvent( MidiNoteOff, -1, i, 0 ) );
+                       m_pattern->instrumentTrack()->pianoModel()->setKeyState( i, false );
+               }
+               update();
        }
-       update();
 }

I've been using this applied on top of stable-1.1 (master crashes a lot for me)

[Wallacoloo]

Interesting. This seems like a bug that has appeared intermittently throughout development. It does effect the current master (commit 96a1d41), however I have an older install from 4 weeks ago that is immune to this bug (not sure as to why).

To reproduce on current master, just launch LMMS and hit F7 (shortcut to open Piano Roll) once it loads.

Looking through the source code, it doesn't appear that the focusOutEvent behavior has been patched yet. It does assume that m_pattern is valid before dereferencing it, so I think it would be good to wrap it in an if ( hasValidPattern() ) block, as suggested, in order to remove this assumption. @ThomasJClark if you want to submit a PR for this, I think it would definitely be worthwhile. In any case, thanks for taking the time to share your patch.

[Wallacoloo]

And if you submit a PR for this, I'd say to target it against master since 1.1 is so near the end of its life.

[midi-pascal]

IMHO This PR should be merged. I tested it and it works 👍

[Wallacoloo]

I'm closing this now that @ThomasJClark's fix has been merged.