Segfault in minimap

[chivay]

Program terminated with signal SIGSEGV, Segmentation fault.
#0  veles::util::UniformSampler::getFileOffsetImpl (this=0x55eeab1539b0, index=0xffffffffffffffff) at /home/chivay/repos/veles/src/util/sampling/uniform_sampler.cc:71
71    return base_index + (index % window_size_);
[Current thread is 1 (Thread 0x7fd5b3da8800 (LWP 7760))]
gef➤  bt
#0  veles::util::UniformSampler::getFileOffsetImpl (this=0x55eeab1539b0, index=0xffffffffffffffff) at /home/chivay/repos/veles/src/util/sampling/uniform_sampler.cc:71
#1  0x000055eea9aa48bc in veles::util::ISampler::getFileOffset (this=0x55eeab1539b0, index=index@entry=0xffffffffffffffff) at /home/chivay/repos/veles/src/util/sampling/isampler.cc:97
#2  0x000055eea9af96fe in veles::visualization::VisualizationMinimap::updateLinePositions (this=0x55eeaaf81f60, keep_selection=<optimized out>, keep_size=<optimized out>) at /home/chivay/repos/veles/src/visualization/minimap.cc:656
#3  0x00007fd5b2f68a08 in QWidget::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5
#4  0x00007fd5b2f28f2c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#5  0x00007fd5b2f30f81 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#6  0x00007fd5b220b060 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#7  0x00007fd5b2f2ff0a in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/libQt5Widgets.so.5
#8  0x00007fd5b2f83d81 in ?? () from /usr/lib/libQt5Widgets.so.5
#9  0x00007fd5b2f864c1 in ?? () from /usr/lib/libQt5Widgets.so.5
#10 0x00007fd5b2f28f2c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#11 0x00007fd5b2f30a06 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#12 0x00007fd5b220b060 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#13 0x00007fd5b276a3d4 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/libQt5Gui.so.5
#14 0x00007fd5b276bf36 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) () from /usr/lib/libQt5Gui.so.5
#15 0x00007fd5b274348c in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Gui.so.5
#16 0x00007fd5aa9534b1 in ?? () from /usr/lib/libQt5XcbQpa.so.5
#17 0x00007fd5aee90270 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#18 0x00007fd5aee91f69 in ?? () from /usr/lib/libglib-2.0.so.0
#19 0x00007fd5aee91fae in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#20 0x00007fd5b2265cd1 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#21 0x00007fd5b220948b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#22 0x00007fd5b22124d8 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#23 0x000055eea9a56659 in main (argc=<optimized out>, argv=<optimized out>) at /home/chivay/repos/veles/src/ui/main.cc:77

[mwkmwkmwk]

After some groveling in core dump, I've determined the problem is here: https://github.com/codilime/veles/blob/master/src/visualization/minimap.cc#L645 . If size == samplesize, the (apparently needless) -1 will cause end to be exactly samplesize-1, and start to be (size_t)-1, causing invalid array access. However, I have absolutely no idea how to reproduce this bug.

[mkow]

Repro steps in #381.