
SEGFAULT when calling ArchitectureHook::GetInstructionLowLevelIL from ArchitectureExtension plugin.

Open. Martyx00 opened this issue 1 year ago.

Version and Platform (required):

  • Binary Ninja Version: 4.0.4958 Personal, ddff9339
  • OS: windows/linux
  • OS Version: 11
  • CPU Architecture: x86_64

Bug Description: When processing some binaries with an architecture extension plugin, Binary Ninja crashes with a segfault. This happens only with some binaries. The crash does not happen if the return ArchitectureHook::GetInstructionLowLevelIL(data, addr, len, il); line of code is not used inside my GetInstructionLowLevelIL. When the extension does not call the original implementation via the ArchitectureHook, all is stable (although not usable, since this means that instructions are not lifted).

Steps To Reproduce:

The plugin can be found here; I can share the binary in private.

Expected Behavior: Not crash.

Screenshots: (image attached)

Additional Information:

Martyx00, May 16 '24 17:05

@Martyx00 please share with us the binary. You can either send it to us on our slack https://slack.binary.ninja/, or email it to us via [email protected]

xusheng6, May 20 '24 07:05

File has been shared in private

xusheng6, May 20 '24 15:05

v35 folks should search for beard mass meet cage sure to find the binary

xusheng6, May 21 '24 00:05

That PR fixes the crash, but then it gets a recursion overflow at https://github.com/Vector35/binaryninja-api/blob/dff192e3bd6d5737633a740988c31e4ecba92998/lowlevelilinstruction.cpp#L1849-L1851

...coming from vle_ext.cpp:4117

galenbwill, May 23 '24 00:05

I have another binary that does this. If it is going to help, let me know.

Martyx00, May 23 '24 11:05