Crash when editing BPM automation after rearranging patterns

Help, Support & Bugs
1

I do believe this is still an issue, or at least something like it?

I just lost work because Renoise (3.5.4 on Linux x86_64) crashed while I was trying to edit the BPM automation.

Steps to reproduce:

  1. Draw some BPM automation lines (across several patterns with the line tool)
  2. In the pattern matrix, move the patterns containing the BPM automation (on the master channel) to rearrange them in the song
  3. Observe that the nodes on the BPM automation lines have vanished. The lines still exist but they have no nodes. As such, the BPM ‘steps’ discretely on each pattern, instead of changing smoothly.
  4. Double click on lines to try adding back some nodes → renoise crashes.

The following error is printed in the log: free(): invalid next size (normal)

I attached to the running process with gdb and got the following stack trace:

#0  0x000071d31ee9386b in __lll_lock_wait_private () from /usr/lib/libc.so.6
#1  0x000071d31eea6118 in ?? () from /usr/lib/libc.so.6
#2  0x00000000011ce557 in TMemory::Alloc(char const*, unsigned long) ()
#3  0x00000000011d98c0 in TString::TStringBuffer::TStringBuffer(char16_t const*, int) ()
#4  0x00000000011c67e5 in TString::TString(char const*, TString::TCStringEncoding) ()
#5  0x00000000011c6a46 in TString::TString(char const*, TString::TCStringEncoding) ()
#6  0x00000000011cc812 in TLog::Dump(char const*, char const*) ()
#7  0x00000000011cdd77 in TLog::AddLineNoVarArgs(char const*, char const*) ()
#8  0x00000000011cdeaa in TLog::AddLine(char const*, char const*, ...) ()
#9  0x0000000000e61998 in SHandleFatalSignal(int) ()
#10 <signal handler called>
#11 0x000071d31ee98a2c in ?? () from /usr/lib/libc.so.6
#12 0x000071d31ee3e1a0 in raise () from /usr/lib/libc.so.6
#13 0x000071d31ee255fe in abort () from /usr/lib/libc.so.6
#14 0x000071d31ee26697 in ?? () from /usr/lib/libc.so.6
#15 0x000071d31eea2cbc in ?? () from /usr/lib/libc.so.6
#16 0x000071d31eea46dc in ?? () from /usr/lib/libc.so.6
#17 0x000071d31eea4814 in ?? () from /usr/lib/libc.so.6
#18 0x00000000011d8053 in TString::TStringBuffer::~TStringBuffer() ()
#19 0x00000000011d806e in TString::TStringBuffer::~TStringBuffer() ()
#20 0x00000000011dbe1b in TPtr<TString::TStringBuffer>::operator=(TPtr<TString::TStringBuffer> const&) ()
#21 0x00000000011dbfb8 in TString::Insert(int, char16_t const*) ()
#22 0x00000000011dc1e5 in TString::Insert(int, TString const&) ()
#23 0x00000000011dc1ff in TString::Prepend(TString const&) ()
#24 0x00000000010d48cb in TDocumentNode::DocumentPathOf(TDocumentNode*) const ()
#25 0x00000000010f0099 in TObservableState::TObservableState(TUndoChain*, TDocumentNode*, TObservable*) ()
#26 0x00000000010de8e7 in TDocumentRoot::BeforeObservableChanges(TDocumentNode*, TObservable*) ()
#27 0x00000000010e9bc7 in TObservable::NotifyObservers(TObservable::TUpdateType) ()
#28 0x00000000010239a6 in TObservableBaseType<TEnvelopePoint>::OnSetValueAndNotify(TEnvelopePoint const&) ()
#29 0x0000000001024163 in TObservableBaseType<TEnvelopePoint>::operator=(TEnvelopePoint const&) ()
#30 0x000000000102a3d7 in TEnvelope::CopyNodes(TEnvelope const&) ()
#31 0x000000000102a622 in TEnvelope::CopyFrom(TEnvelope const&) ()
#32 0x0000000000d42b29 in TEnvelopeGraphView::OnMousePressed(int, int, int) ()
#33 0x0000000000d432f2 in TEnvelopeGraphView::OnMouseDragged(int, int, int) ()
#34 0x0000000000df516a in TGuiEventTarget::ProcessMouseAction(int, int, TMouseEvent::TMouseAction, int) ()
#35 0x0000000000e54c38 in TView::ProcessMouseAction(int, int, TMouseEvent::TMouseAction, int) ()
#36 0x0000000000d685cf in TFocusRootView::ProcessMouseAction(int, int, TMouseEvent::TMouseAction, int) ()
#37 0x0000000000e00440 in TMouseEventHandler::ApplyAction(TMouseEvent::TMouseAction) ()
#38 0x0000000000e0066d in TMouseEventHandler::ProcessMouseEvent(TMouseEvent*) ()
#39 0x0000000000e5883c in TViewWindow::OnHandleMouseEvent(TMouseEvent*) ()
#40 0x0000000000ef71ed in TWindow::OnEvent(TApplicationEvent*) ()
#41 0x0000000000e6897f in TApplicationEventQueueImpl::OnDispatchEvent(TApplicationEvent*) ()
#42 0x0000000000ebd052 in TWindowImpl::HandleXEvent(_XEvent*) ()
#43 0x0000000000e8f7b0 in TApplication::BeforeRunningAFrame() ()
#44 0x0000000000e63444 in TApplication::RunOneFrame() ()
#45 0x0000000000e8f805 in TApplication::RunMainLoop() ()
#46 0x0000000000e65c81 in TApplication::DoRun(std::deque<TString, std::allocator<TString> > const&, bool) ()
#47 0x00000000004a146d in gMain(std::deque<TString, std::allocator<TString> > const&) ()
#48 0x00000000004928af in main_platform_impl(int, char**) ()
#49 0x000071d31ee276c1 in ?? () from /usr/lib/libc.so.6
#50 0x000071d31ee277f9 in __libc_start_main () from /usr/lib/libc.so.6
#51 0x000000000048061e in _start ()
2

This obviously happens, somehow, but I can’t replicate this here yet. Can you? How exactly did you move/swap around pattern to break the automation envelopes?