Segfault when nabc_state wraps to 0 mid-syllable creating empty GRE_ELEMENT

[lbssousa]

Description

When nabc-lines is set to 2, the NABC state cycles modulo 3 (0 = GABC notes, 1 = voice 1, 2 = voice 2). If a syllable contains a GABC syntax error with an extra | separator — e.g. || where only | was intended — nabc_state can wrap back to 0 mid-syllable. A standalone NABC_CUT at state 0 then creates an empty GRE_ELEMENT with first_glyph == NULL.

Later, write_default_end_of_element() in gregoriotex-write.c dereferences element->u.first_glyph->next without a NULL check, causing a segmentation fault.

Context

In the GABC notation for two NABC voices, a single | advances to the next NABC state while || advances by two. With nabc-lines: 2, the correct way to start a new GABC element within the same syllable after voice 2 is a single | (which wraps the state from 2 back to 0). Writing || instead is a syntax error that wraps to 0 and then immediately advances to 1, leaving an empty GABC element in between.

For example, the correct notation is:

ma(f!hhf||ta//tghh|gf||cl)

The erroneous notation (extra | before gf) triggers the crash:

ma(f!hhf||ta//tghh||gf||cl)

Minimal reproducer

name:t;
nabc-lines:2;
%%
(f3) ma(f!hhf||ta//tghh||gf||cl) (::)

Running gregorio on the above file produces a segfault (core dump).

Expected behavior

Gregorio should not crash on malformed input. It should ideally report the syntax error (unexpected state wrap) and handle the empty element gracefully.

[rpspringuel]

This looks like something I'm going to want to pull into 6.2 before release.

Assuming, of course, I can finally get my cross-platform testing done. Between being busy and my VMs not cooporating, that process is taking much longer than anticipated. At least my Windows VM seems to be in order.

[davidweichiang]

Why is it an error for a gabc segment to be empty?

[rpspringuel]

I think the point is that it shouldn't be an error and that right now an empty gabc segment causes one (and a particularly bad one, since it's a segfault).

[davidweichiang]

But if I understand the diff correctly, it makes an empty gabc segment an error and prevents the segfault.

[lbssousa]

The real problem here isn’t the empty segments, but the unbalanced pipes. I've noticed this when I'm trying to convert a single-NABC score, moving the NABC glyphs to line 2.

Example original score:

nabc-lines: 1;
%%
ma(f!hhf|ta//tghh|gf|cl)

I've doubled all pipes to make the NABC segments go to line 2:

nabc-lines: 2;
%%
ma(f!hhf||ta//tghh||gf||cl)

Doing so, I've inadvertently introduced a spurious pipe before the second GABC segment, gf. It makes gregorio segfault when trying to transpile this code.

The correct code should be:

nabc-lines: 2;
%%
ma(f!hhf||ta//tghh|gf||cl)

PR #1727 still accuses the error, but won't let gregorio segfault.

[davidweichiang]

It's this line I'm asking about:

            gregorio_message(
                _("Empty GABC element created by extra \"|\" separator. "
                  "With nabc-lines>1, use a single \"|\" to start a new "
                  "element after the last NABC voice."),
                "det_score", VERBOSITY_ERROR, 0);

I don't see why this should be an error. Also, the error message is very specific, and I can imagine a variety of situations where a user might see this message but get confused because the message doesn't apply to them.

Is the real solution #1672? (I mean the solution for preventing the user error; not the seg fault which this PR correctly fixes)

[lbssousa]

I don't see why this should be an error. Also, the error message is very specific, and I can imagine a variety of situations where a user might see this message but get confused because the message doesn't apply to them.

I'll review it later. Thanks for the feedback!

Is the real solution #1672? (I mean the solution for preventing the user error; not the seg fault which this PR correctly fixes)

I think so. Disambiguating GABC/NABC alternations would be very welcome.