C++ segfault, reproducible example

Backend | Unresolved | 1 | 1812
梦谈多话 2021-01-29 02:50

Reposting with full code, as suggested by others. I just updated the main function with hard-coded arguments that cause a segmentation fault.

Changing the width<

1 answer
  •  梦毁少年i
    2021-01-29 03:24

    The crash happens here:

    #0  0x00007ffff7b12c46 in malloc () from /lib64/libc.so.6
    #1  0x00007ffff7e5e059 in operator new(unsigned long) () from /lib64/libstdc++.so.6
    #2  0x00000000004035ac in __gnu_cxx::new_allocator::allocate (this=0x7fffffffd3f0, __n=2) at /usr/include/c++/9/ext/new_allocator.h:114
    #3  0x000000000040335b in std::allocator_traits >::allocate (__a=..., __n=2) at /usr/include/c++/9/bits/alloc_traits.h:444
    #4  0x0000000000402fe2 in std::_Vector_base >::_M_allocate (this=0x7fffffffd3f0, __n=2) at /usr/include/c++/9/bits/stl_vector.h:343
    #5  0x00000000004028be in std::vector >::_M_realloc_insert (this=0x7fffffffd3f0, __position={x = 0, y = 0}, __args#0=...) at /usr/include/c++/9/bits/vector.tcc:440
    #6  0x00000000004024a0 in std::vector >::push_back (this=0x7fffffffd3f0, __x=...) at /usr/include/c++/9/bits/stl_vector.h:1195
    #7  0x0000000000401f48 in Coordinate::Bresenham (this=0x7fffffffd4c8, other=...) at t.cc:205
    #8  0x0000000000401610 in Triangle::DrawLines (this=0x7fffffffd580, top=..., left=..., right=...) at t.cc:86
    #9  0x0000000000401823 in Triangle::Sierpinski (this=0x7fffffffd580, top=..., left=..., right=..., min_area=1.0800000000000001) at t.cc:96
    #10 0x0000000000402154 in main () at t.cc:225
    

    Any time you have a crash in malloc, you should immediately suspect heap corruption.

    Here is what address sanitizer (just add -fsanitize=address to your compile and link command lines) says:

    =================================================================
    ==5470==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x625000002360 at pc 0x000000401e84 bp 0x7fffffffcdb0 sp 0x7fffffffcda0
    WRITE of size 4 at 0x625000002360 thread T0
        #0 0x401e83 in Triangle::DrawLines(Coordinate, Coordinate, Coordinate) /tmp/t.cc:76
        #1 0x4028c5 in Triangle::Sierpinski(Coordinate, Coordinate, Coordinate, double) /tmp/t.cc:96
        #2 0x4043df in main /tmp/t.cc:225
        #3 0x7ffff707ef32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
        #4 0x40126d in _start (/tmp/a.out+0x40126d)
    
    0x625000002360 is located 0 bytes to the right of 8800-byte region [0x625000000100,0x625000002360)
    allocated by thread T0 here:
        #0 0x7ffff768a9d7 in operator new(unsigned long) (/lib64/libasan.so.5+0x10f9d7)
        #1 0x406f82 in __gnu_cxx::new_allocator::allocate(unsigned long, void const*) /usr/include/c++/9/ext/new_allocator.h:114
        #2 0x406e67 in std::allocator_traits >::allocate(std::allocator&, unsigned long) /usr/include/c++/9/bits/alloc_traits.h:444
        #3 0x406b8f in std::_Vector_base >::_M_allocate(unsigned long) /usr/include/c++/9/bits/stl_vector.h:343
        #4 0x40663e in std::_Vector_base >::_M_create_storage(unsigned long) /usr/include/c++/9/bits/stl_vector.h:358
        #5 0x405a5c in std::_Vector_base >::_Vector_base(unsigned long, std::allocator const&) /usr/include/c++/9/bits/stl_vector.h:302
        #6 0x404bf0 in std::vector >::vector(unsigned long, unsigned int const&, std::allocator const&) /usr/include/c++/9/bits/stl_vector.h:521
        #7 0x403faa in main /tmp/t.cc:218
        #8 0x7ffff707ef32 in __libc_start_main (/lib64/libc.so.6+0x23f32)
    
    SUMMARY: AddressSanitizer: heap-buffer-overflow /tmp/t.cc:76 in Triangle::DrawLines(Coordinate, Coordinate, Coordinate)
    

    So indeed you have heap corruption (overflow of allocated heap buffer).

    Hopefully this is enough info for you to find a logic bug in your program.

    P.S.

    It looks like you are allocating a rectangle of height * width pixels, then try to draw a line from the (height * width)th pixel. You likely have an off-by-one bug -- valid pixel indices are in the range [0 .. width-1] * [0 .. height-1].

    When I reserve (width+1) * (height+1) space in the vector, the problem goes away.

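The off-by-one the answer describes, as an added example that is not the original poster's or answerer's code: a row-major height * width raster backed by a std::vector, a bounds-checked plot that refuses out-of-range writes instead of running past the end of the buffer, and a Bresenham line routine that counts rejected pixels. A line that ends at (width, height) asks for index height * width, which is exactly one past the allocation, matching the "0 bytes to the right of" region ASan reported. Raster, plot, plot_at, bresenham and the 10x10 demo helpers are hypothetical names chosen for this example.

```cpp
// Added example, not code from the original post: a height*width raster with
// a bounds-checked plot, showing the off-by-one the answer describes.
// Raster, plot, plot_at, bresenham and the demo helpers are hypothetical names.
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <stdexcept>
#include <vector>

struct Raster {
    std::size_t width, height;
    std::vector<unsigned> pixels;  // row-major, exactly height * width entries

    Raster(std::size_t w, std::size_t h) : width(w), height(h), pixels(w * h, 0) {}

    // Valid pixel coordinates are x in [0, width-1] and y in [0, height-1].
    // Checked on the signed values: casting a negative x to size_t first would
    // wrap and could alias a different, in-range pixel.
    bool in_bounds(long x, long y) const {
        return x >= 0 && y >= 0 &&
               static_cast<std::size_t>(x) < width &&
               static_cast<std::size_t>(y) < height;
    }

    // Refuses the write instead of running past the end of the buffer.
    bool plot(long x, long y, unsigned value) {
        if (!in_bounds(x, y)) return false;
        pixels[static_cast<std::size_t>(y) * width + static_cast<std::size_t>(x)] = value;
        return true;
    }
};

// Debugging aid: vector::at() throws std::out_of_range where operator[]
// would silently corrupt the heap (the pattern ASan flagged above).
bool plot_at(Raster& r, long x, long y, unsigned value) {
    try {
        r.pixels.at(static_cast<std::size_t>(y) * r.width + static_cast<std::size_t>(x)) = value;
        return true;
    } catch (const std::out_of_range&) {
        return false;
    }
}

// Bresenham line from (x0,y0) to (x1,y1), inclusive of both endpoints.
// Returns how many pixels fell outside the raster (0 = fully drawn).
int bresenham(Raster& r, long x0, long y0, long x1, long y1, unsigned value) {
    long dx = std::labs(x1 - x0), sx = x0 < x1 ? 1 : -1;
    long dy = -std::labs(y1 - y0), sy = y0 < y1 ? 1 : -1;
    long err = dx + dy;
    int clipped = 0;
    for (;;) {
        if (!r.plot(x0, y0, value)) ++clipped;
        if (x0 == x1 && y0 == y1) break;
        long e2 = 2 * err;
        if (e2 >= dy) { err += dy; x0 += sx; }
        if (e2 <= dx) { err += dx; y0 += sy; }
    }
    return clipped;
}

// Draws a line from the origin on a 10x10 raster and reports how many pixels
// were rejected. Ending at (9,9) hits the last valid pixel; ending at (10,10)
// asks for index 100, one past the 100-entry buffer.
int clipped_on_10x10(long x1, long y1) {
    Raster r(10, 10);
    return bresenham(r, 0, 0, x1, y1, 1);
}

// The same off-by-one seen through vector::at(): true if the write was rejected.
bool at_rejects_on_10x10(long x, long y) {
    Raster r(10, 10);
    return !plot_at(r, x, y, 1);
}

int main() {
    std::printf("to (9,9):   %d pixel(s) clipped\n", clipped_on_10x10(9, 9));
    std::printf("to (10,10): %d pixel(s) clipped\n", clipped_on_10x10(10, 10));
    return 0;
}
```

The signed-first check in in_bounds is deliberate: with an unsigned width, a negative x cast to size_t before the comparison wraps to a huge value, and y * width + x can then land back inside the buffer on a different row, which neither operator[] nor at() will notice. Reserving (width+1) * (height+1) entries, as the answer mentions, hides the symptom for endpoints exactly on the far edge, but the fix that holds for any input is to keep every coordinate inside [0 .. width-1] * [0 .. height-1] before indexing.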