Description
Version and Platform (required):
- Binary Ninja Version: 5.3.8701-dev Ultimate, 2b68925b
- OS: macos
- OS Version: 26.1.0
- CPU Architecture: arm64
Bug Description:
Opening this file causes an exception. This is followed by what appears to be an infinite loop of exceptions in Itanium RTTI. You cannot stop the RTTI scanning. And if you try to quit, binja hangs and you have to force quit.
First exception:
[Default] MSVC RTTI Analysis failed with uncaught exception: read out of bounds (Details...)
Stack trace:
0 librtti.dylib 0x000000012258dfa4 CorePluginInit + 554176
1 librtti.dylib 0x00000001225222b0 CorePluginInit + 112588
2 librtti.dylib 0x000000012252260c CorePluginInit + 113448
3 librtti.dylib 0x00000001225036cc librtti.dylib + 128716
4 librtti.dylib 0x00000001225033c0 librtti.dylib + 127936
5 librtti.dylib 0x00000001225063d4 librtti.dylib + 140244
6 librtti.dylib 0x000000012250bbac CorePluginInit + 20680
7 libbinaryninjacore.1.dylib 0x000000011739ece8 BNActivityGetName + 105612
8 libbinaryninjacore.1.dylib 0x000000011739ee94 BNActivityGetName + 106040
9 libbinaryninjacore.1.dylib 0x0000000117383064 libbinaryninjacore.1.dylib + 766052
10 libbinaryninjacore.1.dylib 0x000000011803fc68 BNWorkflowGetEligibilitySettings + 68632
11 libbinaryninjacore.1.dylib 0x0000000118044a24 BNWorkflowGetEligibilitySettings + 88532
12 libbinaryninjacore.1.dylib 0x0000000118044708 BNWorkflowGetEligibilitySettings + 87736
13 libbinaryninjacore.1.dylib 0x000000011804ea18 BNWorkflowGetEligibilitySettings + 129480
14 libbinaryninjacore.1.dylib 0x0000000117e9f9d8 BNTagSetData + 15236
15 libbinaryninjacore.1.dylib 0x0000000118015bac BNDisconnectWebsocketClient + 12260
16 libbinaryninjacore.1.dylib 0x0000000118014b0c BNDisconnectWebsocketClient + 8004
17 libsystem_pthread.dylib 0x0000000189141c08 _pthread_start + 136
18 libsystem_pthread.dylib 0x000000018913cba8 thread_start + 8
One from the loop:
[Itanium RTTI] Failed to process object at 2c47c5f58... skipping (Details...)
0 librtti.dylib 0x000000012258dfa4 CorePluginInit + 554176
1 librtti.dylib 0x00000001225222b0 CorePluginInit + 112588
2 librtti.dylib 0x00000001225229f4 CorePluginInit + 114448
3 librtti.dylib 0x00000001224e6058 librtti.dylib + 8280
4 librtti.dylib 0x00000001224ea1fc librtti.dylib + 25084
5 librtti.dylib 0x00000001224eb058 librtti.dylib + 28760
6 librtti.dylib 0x00000001224ee960 librtti.dylib + 43360
7 librtti.dylib 0x0000000122506480 librtti.dylib + 140416
8 librtti.dylib 0x000000012250bbac CorePluginInit + 20680
9 libbinaryninjacore.1.dylib 0x000000011739ece8 BNActivityGetName + 105612
10 libbinaryninjacore.1.dylib 0x000000011739ee94 BNActivityGetName + 106040
11 libbinaryninjacore.1.dylib 0x0000000117383064 libbinaryninjacore.1.dylib + 766052
12 libbinaryninjacore.1.dylib 0x000000011803fc68 BNWorkflowGetEligibilitySettings + 68632
13 libbinaryninjacore.1.dylib 0x0000000118044a24 BNWorkflowGetEligibilitySettings + 88532
14 libbinaryninjacore.1.dylib 0x0000000118044708 BNWorkflowGetEligibilitySettings + 87736
15 libbinaryninjacore.1.dylib 0x000000011804ea18 BNWorkflowGetEligibilitySettings + 129480
16 libbinaryninjacore.1.dylib 0x0000000117e9f9d8 BNTagSetData + 15236
17 libbinaryninjacore.1.dylib 0x0000000118015bac BNDisconnectWebsocketClient + 12260
18 libbinaryninjacore.1.dylib 0x0000000118014b0c BNDisconnectWebsocketClient + 8004
19 libsystem_pthread.dylib 0x0000000189141c08 _pthread_start + 136
20 libsystem_pthread.dylib 0x000000018913cba8 thread_start + 8
If you click the X next to "Scanning for Microsoft RTTI....." it doesn't stop. If you try to quit binja, only the window closes. Binja is still running and the cursor is a beachball. You have to force quit to get it to close and to be able to open it again.
Steps To Reproduce:
- Open binary: kinetic ward works truly
- Look at logs
- Click the X next to "Scanning for Microsoft RTTI....."
- Observe that it doesn't stop
- Quit binja
- Observe that it didn't close fully
- Observe beachball
- Force quit.
Expected Behavior:
The binary is corrupt, obviously, but binary ninja should handle corrupted binaries gracefully and allow the user to stop actions and to quit cleanly.
Screenshots:
Binary:
kinetic ward works truly