
Crash while closing after using the debugger

Open plafosse opened this issue 1 year ago • 3 comments

Repro:

  1. Launch application (I used binary ninja itself)
  2. Close tab, hit “Cancel” in the popup
  3. Close tab, hit “Cancel” in the popup
  4. Close tab, hit “Ok” in the popup
  5. Close the application
  6. Crash

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
    frame #0: 0x00000002b819c058 libdebuggerui.dylib`BinaryNinjaDebuggerAPI::DebuggerController::IsConnected(this=0x0000000000000000) at debuggercontroller.cpp:108:31 [opt]
   105 
   106  bool DebuggerController::IsConnected()
   107  {
-> 108          return BNDebuggerIsConnected(m_object);
   109  }
   110 
   111 
Target 0: (binaryninja) stopped.

(lldbinit) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x10)
  * frame #0: 0x00000002b819c058 libdebuggerui.dylib`BinaryNinjaDebuggerAPI::DebuggerController::IsConnected(this=0x0000000000000000) at debuggercontroller.cpp:108:31 [opt]
    frame #1: 0x00000002b8182bf8 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(BinaryNinjaDebuggerAPI::DebuggerEvent const&) [inlined] ThreadFramesWidget::updateContent(this=0x0000000301105900) at threadframes.cpp:666:19 [opt]
    frame #2: 0x00000002b8182bf0 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(BinaryNinjaDebuggerAPI::DebuggerEvent const&) [inlined] ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9::operator()(this=<unavailable>, event=<unavailable>) const at threadframes.cpp:624:5 [opt]
    frame #3: 0x00000002b8182bc8 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(BinaryNinjaDebuggerAPI::DebuggerEvent const&) [inlined] decltype(std::declval<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9&>()(std::declval<BinaryNinjaDebuggerAPI::DebuggerEvent const&>())) std::__1::__invoke[abi:v160006]<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9&, BinaryNinjaDebuggerAPI::DebuggerEvent const&>(__f=<unavailable>, __args=<unavailable>) at invoke.h:394:23 [opt]
    frame #4: 0x00000002b8182bc8 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(BinaryNinjaDebuggerAPI::DebuggerEvent const&) [inlined] void std::__1::__invoke_void_return_wrapper<void, true>::__call<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9&, BinaryNinjaDebuggerAPI::DebuggerEvent const&>(__args=<unavailable>, __args=<unavailable>) at invoke.h:487:9 [opt]
    frame #5: 0x00000002b8182bc8 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(BinaryNinjaDebuggerAPI::DebuggerEvent const&) [inlined] std::__1::__function::__alloc_func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()[abi:v160006](this=<unavailable>, __arg=<unavailable>) at function.h:185:16 [opt]
    frame #6: 0x00000002b8182bc8 libdebuggerui.dylib`std::__1::__function::__func<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9, std::__1::allocator<ThreadFramesWidget::ThreadFramesWidget(QWidget*, ViewFrame*, BinaryNinja::Ref<BinaryNinja::BinaryView>)::$_9>, void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(this=<unavailable>, __arg=<unavailable>) at function.h:356:12 [opt]
    frame #7: 0x00000002b819dd08 libdebuggerui.dylib`BinaryNinjaDebuggerAPI::DebuggerController::DebuggerEventCallback(void*, BNDebuggerEvent*) [inlined] std::__1::__function::__value_func<void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()[abi:v160006](this=<unavailable>, __args=0x000000016fdfcd00) const at function.h:510:16 [opt]
    frame #8: 0x00000002b819dcf4 libdebuggerui.dylib`BinaryNinjaDebuggerAPI::DebuggerController::DebuggerEventCallback(void*, BNDebuggerEvent*) [inlined] std::__1::function<void (BinaryNinjaDebuggerAPI::DebuggerEvent const&)>::operator()(this=<unavailable>, __arg=0x000000016fdfcd00) const at function.h:1156:12 [opt]
    frame #9: 0x00000002b819dcf4 libdebuggerui.dylib`BinaryNinjaDebuggerAPI::DebuggerController::DebuggerEventCallback(ctxt=0x0000000318cecab0, event=<unavailable>) at debuggercontroller.cpp:756:2 [opt]
    frame #10: 0x0000000128c716bc libdebuggercore.dylib`std::__1::__function::__func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(BinaryNinjaDebugger::DebuggerEvent const&) [inlined] BNDebuggerRegisterEventCallback::$_0::operator()(this=0x000000035a966488, event=<unavailable>) const at ffi.cpp:898:4 [opt]
    frame #11: 0x0000000128c71608 libdebuggercore.dylib`std::__1::__function::__func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(BinaryNinjaDebugger::DebuggerEvent const&) [inlined] decltype(std::declval<BNDebuggerRegisterEventCallback::$_0&>()(std::declval<BinaryNinjaDebugger::DebuggerEvent const&>())) std::__1::__invoke[abi:v160006]<BNDebuggerRegisterEventCallback::$_0&, BinaryNinjaDebugger::DebuggerEvent const&>(__f=0x000000035a966488, __args=<unavailable>) at invoke.h:394:23 [opt]
    frame #12: 0x0000000128c71608 libdebuggercore.dylib`std::__1::__function::__func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(BinaryNinjaDebugger::DebuggerEvent const&) [inlined] void std::__1::__invoke_void_return_wrapper<void, true>::__call<BNDebuggerRegisterEventCallback::$_0&, BinaryNinjaDebugger::DebuggerEvent const&>(__args=0x000000035a966488, __args=<unavailable>) at invoke.h:487:9 [opt]
    frame #13: 0x0000000128c71608 libdebuggercore.dylib`std::__1::__function::__func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(BinaryNinjaDebugger::DebuggerEvent const&) [inlined] std::__1::__function::__alloc_func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()[abi:v160006](this=0x000000035a966488, __arg=<unavailable>) at function.h:185:16 [opt]
    frame #14: 0x0000000128c71608 libdebuggercore.dylib`std::__1::__function::__func<BNDebuggerRegisterEventCallback::$_0, std::__1::allocator<BNDebuggerRegisterEventCallback::$_0>, void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(this=0x000000035a966480, __arg=<unavailable>) at function.h:356:12 [opt]
    frame #15: 0x0000000128c6449c libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() [inlined] std::__1::__function::__value_func<void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()[abi:v160006](this=0x000000035a966480, __args=0x000000016fdfced0) const at function.h:510:16 [opt]
    frame #16: 0x0000000128c64484 libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() [inlined] std::__1::function<void (BinaryNinjaDebugger::DebuggerEvent const&)>::operator()(this=0x000000035a966480, __arg=0x000000016fdfced0) const at function.h:1156:12 [opt]
    frame #17: 0x0000000128c64484 libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() at debuggercontroller.cpp:1315:4 [opt]
    frame #18: 0x0000000128c643ec libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() [inlined] decltype(std::declval<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15&>()()) std::__1::__invoke[abi:v160006]<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15&>(__f=0x0000000346d9ffc8) at invoke.h:394:23 [opt]
    frame #19: 0x0000000128c643ec libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() [inlined] void std::__1::__invoke_void_return_wrapper<void, true>::__call<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15&>(__args=0x0000000346d9ffc8) at invoke.h:487:9 [opt]
    frame #20: 0x0000000128c643ec libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()() [inlined] std::__1::__function::__alloc_func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()[abi:v160006](this=0x0000000346d9ffc8) at function.h:185:16 [opt]
    frame #21: 0x0000000128c643ec libdebuggercore.dylib`std::__1::__function::__func<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15, std::__1::allocator<BinaryNinjaDebugger::DebuggerController::PostDebuggerEvent(BinaryNinjaDebugger::DebuggerEvent const&)::$_15>, void ()>::operator()(this=0x0000000346d9ffc0) at function.h:356:12 [opt]
    frame #22: 0x0000000128d32bc8 libdebuggercore.dylib`ExecuteActionLocal(void*) [inlined] std::__1::__function::__value_func<void ()>::operator()[abi:v160006](this=0x0000000170162dd0) const at function.h:510:16 [opt]
    frame #23: 0x0000000128d32bb4 libdebuggercore.dylib`ExecuteActionLocal(void*) [inlined] std::__1::function<void ()>::operator()(this=0x0000000170162dd0) const at function.h:1156:12 [opt]
    frame #24: 0x0000000128d32bb4 libdebuggercore.dylib`ExecuteActionLocal(ctxt=0x0000000170162dd0) at mainthread.cpp:95:3 [opt]
    frame #25: 0x000000010e35f8b0 libbinaryninjacore.1.dylib`BinaryNinjaCore::MainThreadAction::Execute() [inlined] std::__1::__function::__value_func<void ()>::operator()[abi:v160006](this=0x0000000315140058) const at function.h:510:16 [opt]
    frame #26: 0x000000010e35f89c libbinaryninjacore.1.dylib`BinaryNinjaCore::MainThreadAction::Execute() [inlined] std::__1::function<void ()>::operator()(this=0x0000000315140058) const at function.h:1156:12 [opt]
    frame #27: 0x000000010e35f89c libbinaryninjacore.1.dylib`BinaryNinjaCore::MainThreadAction::Execute(this=0x0000000315140040) at mainthread.cpp:36:3 [opt]
    frame #28: 0x00000001023e0198 QtCore`QObject::event(QEvent*) + 88
    frame #29: 0x0000000101b0254c QtGui`QGuiApplication::event(QEvent*) + 712
    frame #30: 0x00000001038ecf7c QtWidgets`QApplication::event(QEvent*) + 644
    frame #31: 0x00000001038ee51c QtWidgets`QApplicationPrivate::notify_helper(QObject*, QEvent*) + 272
    frame #32: 0x00000001038ef35c QtWidgets`QApplication::notify(QObject*, QEvent*) + 504
    frame #33: 0x000000010239d774 QtCore`QCoreApplication::notifyInternal2(QObject*, QEvent*) + 292
    frame #34: 0x000000010239e9fc QtCore`QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 1448
    frame #35: 0x00000001018fcabc libqcocoa.dylib`QCocoaEventDispatcherPrivate::processPostedEvents() + 312
    frame #36: 0x00000001018fda88 libqcocoa.dylib`QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 436
    frame #37: 0x000000018c32fd28 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
    frame #38: 0x000000018c32fcbc CoreFoundation`__CFRunLoopDoSource0 + 176
    frame #39: 0x000000018c32fa2c CoreFoundation`__CFRunLoopDoSources0 + 244
    frame #40: 0x000000018c32e61c CoreFoundation`__CFRunLoopRun + 828
    frame #41: 0x000000018c32dc2c CoreFoundation`CFRunLoopRunSpecific + 608
    frame #42: 0x0000000196886448 HIToolbox`RunCurrentEventLoopInMode + 292
    frame #43: 0x0000000196886284 HIToolbox`ReceiveNextEventCommon + 648
    frame #44: 0x0000000196885fdc HIToolbox`_BlockUntilNextEventMatchingListInModeWithFilter + 76
    frame #45: 0x000000018fb08f90 AppKit`_DPSNextEvent + 660
    frame #46: 0x00000001902dcb94 AppKit`-[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 716
    frame #47: 0x000000018fafc43c AppKit`-[NSApplication run] + 476
    frame #48: 0x00000001018fb5b8 libqcocoa.dylib`QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2124
    frame #49: 0x00000001023a7458 QtCore`QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 540
    frame #50: 0x000000010239de00 QtCore`QCoreApplication::exec() + 112
    frame #51: 0x000000010005d9c8 binaryninja`main(argc=<unavailable>, argv=<unavailable>) at main.cpp:2645:15 [opt]
    frame #52: 0x000000018bed9058 dyld`start + 2224
(lldbinit) 

plafosse avatar Feb 22 '24 01:02 plafosse

@plafosse I am unable to reproduce this, could you please record a video for it?

xusheng6 avatar Feb 22 '24 08:02 xusheng6

The key to a repro for this is to set debugger.stopAtEntryPoint to false, so that when the target is launched, it runs freely on its own

xusheng6 avatar Feb 22 '24 11:02 xusheng6

I am yet unable to understand this. Here are a few things I noticed:

  1. This does NOT reproduce on the dev build. It only reproduces on a local build
  2. I have to use a large binary to reproduce it
  3. The user must have set debugger.stopAtEntryPoint to false and try to close the tab while the target is still running
  4. A workaround exists: first kill the target, then close the tab

xusheng6 avatar Feb 22 '24 13:02 xusheng6
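The failure described above is a lifetime race: a ThreadFramesWidget callback fires on a queued debugger event after the tab's controller has been torn down, so IsConnected() runs with this=0x0 (the fault address 0x10 is the m_object read at that offset). The following is an added illustration, not code from the Binary Ninja debugger: EventBus, Controller and FramesWidget are hypothetical stand-ins that model a dispatcher keeping only a weak reference to each subscriber, so a late event is dropped rather than delivered to a destroyed widget, and the widget guards a null controller.

```cpp
#include <functional>
#include <memory>
#include <utility>
#include <vector>
struct Controller { bool isConnected() const { return true; } };  // stand-in for DebuggerController
struct Event { int id; };
// Dispatcher holding only a weak reference per subscriber: an event that arrives
// after the subscriber is destroyed is dropped instead of calling into freed memory.
class EventBus {
public:
    using Handler = std::function<void(const Event&)>;
    void subscribe(std::weak_ptr<void> owner, Handler h) { subs_.push_back({owner, std::move(h)}); }
    int post(const Event& e) {  // returns the number of handlers that ran
        int ran = 0;
        for (auto it = subs_.begin(); it != subs_.end();) {
            if (auto alive = it->owner.lock()) { it->handler(e); ++ran; ++it; }
            else { it = subs_.erase(it); ++dropped; }
        }
        return ran;
    }
    int dropped = 0;  // events whose subscriber was already gone
private:
    struct Sub { std::weak_ptr<void> owner; Handler handler; };
    std::vector<Sub> subs_;
};
// Stand-in for ThreadFramesWidget; updateContent() guards the null controller (this=0x0 above).
struct FramesWidget : std::enable_shared_from_this<FramesWidget> {
    std::shared_ptr<Controller> controller;
    int updates = 0;
    void attach(EventBus& bus) {
        bus.subscribe(shared_from_this(), [this](const Event&) { updateContent(); });
    }
    void updateContent() { if (controller && controller->isConnected()) ++updates; }
};
// Scenario from the issue: events keep arriving while the tab's widget and controller are torn
// down. Returns {handlers run, events dropped}.
std::pair<int, int> runScenario() {
    EventBus bus;
    int ran = 0;
    {
        auto w = std::make_shared<FramesWidget>();
        w->controller = std::make_shared<Controller>();
        w->attach(bus);
        ran += bus.post({1});   // delivered, widget updates once
        w->controller.reset();  // controller torn down first
        ran += bus.post({2});   // delivered but guarded: no null dereference
    }                           // widget destroyed with its subscription still registered
    ran += bus.post({3});       // dropped by the weak_ptr check instead of running on a dead widget
    return {ran, bus.dropped};
}
```

With a raw `this` capture and no ownership check, the third post would run the handler on a freed widget; the weak_ptr check is what turns that into a dropped event.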

This is no longer observed and probably fixed a while ago, though I do not have a specific commit or build #

xusheng6 avatar Jul 23 '24 07:07 xusheng6