Protect against GC when constructing a System

With Guile 2.2, it's possible to observe crashes like #0 std::vector<Grob*, std::allocator<Grob*> >::size() const (this=0x0) #1 System::derived_mark() const (this=0x556efd94f460) at [...]/lily/system.cc:113 #2 0x0000556ef6b08f25 in Grob::mark_smob() const (this=0x556efd94f460) #3 to #10 in libguile-2.2.so.1 and libgc.so.1 #11 0x00007f0e322bc875 in scm_i_new_smob () #12 0x0000556ef6b0100b in scm_new_smob (data=93935189161312, tc=13943) #13 Smob_base<Grob_array>::register_ptr(Grob_array*) (p=0x556efd94f560) #14 Simple_smob<Grob_array>::smobbed_copy() const (this=<synthetic pointer>) #15 Grob_array::make_array() #16 0x0000556ef6c72bdf in System::init_elements() (this=0x556efd94f460) #17 0x0000556ef6bfb3f9 in Score_engraver::initialize() (this=0x556efc946cd0) In this case, System::init_elements() calls Grob_array::make_array() to later initialize all_elements_, which is consequently 0 until then. (cherry picked from commit aacb2da)
lilypond · Jan 18, 2021 · b18c0c8 · b18c0c8
1 parent 0e45875
commit b18c0c8
Showing 1 changed file with 6 additions and 3 deletions.
diff --git a/lily/system.cc b/lily/system.cc
@@ -108,9 +108,12 @@ System::typeset_grob (Grob *elem)
 void
 System::derived_mark () const
 {
-  const vector <Grob *> &arr = all_elements_->array ();
-  for (vsize i = arr.size (); i--;)
-    scm_gc_mark (arr[i]->self_scm ());
+  if (all_elements_)
+    {
+      const vector <Grob *> &arr = all_elements_->array ();
+      for (vsize i = arr.size (); i--;)
+        scm_gc_mark (arr[i]->self_scm ());
+    }
 
   if (pscore_)
     scm_gc_mark (pscore_->self_scm ());