Closed v1X3Q0 closed 2 years ago
Does this reproduce on the latest development branch? There have been a large number of changes there and we're very close to releasing a new stable.
It does, though instigating it seems a little different due to the interface changes. I'll see if I can post a crash of that one as well.
Thanks -- can you share the binary triggering it? Does the crash happen on multiple files or just one?
I cannot share the binary triggering it, but I'll see if I can replicate it with another binary.
The development branch doesn't seem to be rendering any strings, so my searches aren't working... I'll prioritize getting you a binary and bndb.
Hmm, I don't recall anything that intentionally changed that. That might be a separate issue. I can definitely search disassembly for "call" on both dev and stable and get similar results.
(there's less in dev because of a fix that caused the calling convention to go from fastcall to regparm)
One other thing to check might be to try launching with -p, which will disable plugins temporarily so you can make sure no plugin is impacting that (it shouldn't, but it's easy enough to check).
Here is the dev branch crash and call stack.
Working on that binary
Can you copy that as text? Much easier to rebase appropriately. And confirm the exact version number please (we've been pumping out a bunch of dev builds the last few days)
(61ec.4240): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
binaryninjacore!BNSetBinaryReaderEndianness+0x7c116:
00007fff`e72cbf46 440fb65001 movzx r10d,byte ptr [rax+1] ds:0000026e`befa1000=??
0:000> k
# Child-SP RetAddr Call Site
00 00000089`2352a840 00007fff`e7297297 binaryninjacore!BNSetBinaryReaderEndianness+0x7c116
01 00000089`2352a890 00007fff`e72ce82f binaryninjacore!BNSetBinaryReaderEndianness+0x47467
02 00000089`2352a9b0 00007ff8`4a5f0314 binaryninjacore!BNFindAllDataWithProgress+0x1bf
03 00000089`2352ab30 00007ff8`4a535d18 binaryninjaui!CrossReferenceWidget::wheelEvent+0x7ba74
04 00000089`2352ac40 00007ff6`7a82f920 binaryninjaui!View::findAllData+0x68
05 00000089`2352ac90 00007ff6`7a838d0a binaryninja+0x7f920
06 00000089`2352b010 00007ff8`0c3083db binaryninja+0x88d0a
07 00000089`2352b0a0 00007ff8`0c306aee Qt6Core!QMetaCallEvent::placeMetaCall+0x3b
08 00000089`2352b0e0 00007ff8`0cd8bec6 Qt6Core!QObject::event+0x18e
09 00000089`2352b300 00007ff8`0cd51e0d Qt6Widgets!QWidget::event+0xe76
0a 00000089`2352b3e0 00007ff8`0cd50f5b Qt6Widgets!QApplicationPrivate::notify_helper+0x10d
0b 00000089`2352b410 00007ff8`0c2c6894 Qt6Widgets!QApplication::notify+0x190b
0c 00000089`2352b8e0 00007ff8`0c2c8c57 Qt6Core!QCoreApplication::notifyInternal2+0xc4
0d 00000089`2352b950 00007ff8`0765aeaf Qt6Core!QCoreApplicationPrivate::sendPostedEvents+0x227
0e 00000089`2352ba30 00007ff8`0c40cf92 Qt6Gui!QWindowsGuiEventDispatcher::sendPostedEvents+0xf
0f 00000089`2352ba60 00007ff8`0765ae89 Qt6Core!QEventDispatcherWin32::processEvents+0x72
10 00000089`2352eba0 00007ff8`0c2cb4fe Qt6Gui!QWindowsGuiEventDispatcher::processEvents+0x19
11 00000089`2352ebd0 00007ff8`0c2c496b Qt6Core!QEventLoop::exec+0x19e
12 00000089`2352ec70 00007ff6`7a7f4168 Qt6Core!QCoreApplication::exec+0x15b
13 00000089`2352ecd0 00007ff6`7a9de9a7 binaryninja+0x44168
14 00000089`2352f810 00007ff6`7a9dd972 binaryninja+0x22e9a7
15 00000089`2352f8a0 00007ff8`551b7034 binaryninja+0x22d972
16 00000089`2352f8e0 00007ff8`56122651 KERNEL32!BaseThreadInitThunk+0x14
17 00000089`2352f910 00000000`00000000 ntdll!RtlUserThreadStart+0x21
Nothing stands out from the crash log. Do you have a repeatable set of actions that can crash it on any other file?
The set of actions was as bare as opening the file, pressing ctrl+f and searching for "call". I tried to randomize the bytes other than the string in the specific file so that I could share it with you, but then it doesn't crash anymore... I'm gonna see if I can share the specific bndb with you, no promises.
If this is still crashing for you can you please post a crash log and the exact version you're testing it on (either dev or stable is fine)
I've tried this on a bunch of binaries and databases on Windows 11 with 3.0.3321-dev and haven't had it crash on me. Since we don't have a test case we can reproduce the issue with, and there hasn't been any additional information in 2 months, I'm going to close this. Feel free to re-open if there's anything additional we can use to track down the issue, though.
Binary Ninja Version: 2.4.2846 Personal, df7c027e
Platform: Windows 10 Version 2009
I'm searching for the string "call" in my generated strings, and Binary Ninja seems to be crashing.