Crash when copying type in change type popup

[knoxfighter]

Hi,

i recently get regular crashes when copying field types.
This crash happens from time to time and is not 100% reproducable, it takes minutes to an hour of copying stuff around until it happens. After a restart the same copy command on the same field normally works again, but it will crash some time later with a different field.

The last time it crashed i did the following:
Select a Type -> select a field -> press Y to change type -> Ctrl + C to copy -> crash -> windows is unable to use the clipboard, while the VS debugger is paused. Aka. you cannot copy and paste anything in any program on the machine.

Exception:

Exception thrown at 0x0007FFF0239B04C (binaryninjacore.dll) in binaryninja.exe: 0xC0000005: Access violation reading location 0x00007FFF06D72B0.

Stacktrace:

>    binaryninjacore.dll!00007fff0239b04c()  Unknown
     binaryninjacore.dll!00007fff0239a91d()  Unknown
     binaryninjacore.dll!00007ffefd5130c3()  Unknown
     binaryninjacore.dll!00007ffefe412811()  Unknown
     binaryninjacore.dll!00007ffefd6cf4ec()  Unknown
     binaryninjacore.dll!00007ffefd739bbf()  Unknown
     binaryninjacore.dll!00007ffefe44ce6e()  Unknown
     binaryninjacore.dll!00007ffefe44ef5d()  Unknown
     binaryninjaui.dll!00007fff272b3a49()    Unknown
     binaryninjaui.dll!00007fff2717315b()    Unknown
     Qt6Core.dll!00007fff2297a0da()          Unknown
     kernel32.dll!BaseThreadInitThunk()      Unknown
     ntdll.dll!RtlUserThreadStart()          Unknown

binaryninja modules:

binaryninja.exe    binaryninja.exe    C:\Program Files\Vector35\BinaryNinja\binaryninja.exe    N/A    Yes    Cannot find or open the PDB file.        1    4.03.6539.0    05/12/2024 20:29    00007FF7A82C0000-00007FF7A9896000    [0x3900] binaryninja.exe        
binaryninjacore.dll binaryninjacore.dll C:\Program Files\Vector35\BinaryNinja\binaryninjacore.dll   N/A Yes Cannot find or open the PDB file.       6       05/12/2024 20:22    00007FFEFCF60000-00007FFF064D7000   [0x1B58] binaryninja.exe        
binaryninjaui.dll   binaryninjaui.dll   C:\Program Files\Vector35\BinaryNinja\binaryninjaui.dll N/A Yes Cannot find or open the PDB file.       12      05/12/2024 20:27    00007FFF227F0000-00007FFF2359B000   [0x1B58] binaryninja.exe        

Every crash has the same stacktrace.

Stacktrace with relative values (manually calculated):

>    binaryninjacore.dll!0x543B04C()    Unknown
     binaryninjacore.dll!0x543A91D()    Unknown
     binaryninjacore.dll!0x5B30C3()     Unknown
     binaryninjacore.dll!0x14B2811()    Unknown
     binaryninjacore.dll!0x76F4EC()     Unknown
     binaryninjacore.dll!0x7D9BBF()     Unknown
     binaryninjacore.dll!0x14ECE6E()    Unknown
     binaryninjacore.dll!0x14EEF5D()    Unknown
     binaryninjaui.dll!0x4AC3A49()      Unknown
     binaryninjaui.dll!0x498315B()      Unknown
     Qt6Core.dll!00007fff2297a0da()     Unknown
     kernel32.dll!BaseThreadInitThunk() Unknown
     ntdll.dll!RtlUserThreadStart()     Unknown

The Log does not show anything about a crash 😞

Version and Platform (required):

• Binary Ninja Version: 4.3.6539-dev Personal (f984e126)
• OS: Windows 10
• OS Version: 22H2 (19045.5131)
• CPU Architecture: x64

[knoxfighter]

Update: The crash also happens sometimes when just writing in the popup window. I don't have a crashlog for that yet :(

[knoxfighter]

Stacktrace for the crash when typing, happens every few minutes in the last hour :(

It looks like the exact same error than the one above. I guess it is an issue with the qt input handling? Really annoying for sure.

>	binaryninjacore.dll!00007fff4615a78c()	Unknown
 	binaryninjacore.dll!00007fff4615a05d()	Unknown
 	binaryninjacore.dll!00007fff412d2803()	Unknown
 	binaryninjacore.dll!00007fff421d1f51()	Unknown
 	binaryninjacore.dll!00007fff4148ec2c()	Unknown
 	binaryninjacore.dll!00007fff414f92ff()	Unknown
 	binaryninjacore.dll!00007fff4220c5ae()	Unknown
 	binaryninjacore.dll!00007fff4220e69d()	Unknown
 	binaryninjaui.dll!00007fff8ca54b39()	Unknown
 	binaryninjaui.dll!00007fff8c91424b()	Unknown
 	Qt6Core.dll!00007fff8b6aa0da()	Unknown
 	kernel32.dll!BaseThreadInitThunk()	Unknown
 	ntdll.dll!RtlUserThreadStart()	Unknown

binaryninja.exe	binaryninja.exe	C:\Program Files\Vector35\BinaryNinja\binaryninja.exe	N/A	Yes	Cannot find or open the PDB file.		1	4.03.6541.0	06/12/2024 17:49	00007FF693630000-00007FF694C06000	[0x39E8] binaryninja.exe		
binaryninjacore.dll	binaryninjacore.dll	C:\Program Files\Vector35\BinaryNinja\binaryninjacore.dll	N/A	Yes	Cannot find or open the PDB file.		45		06/12/2024 17:42	00007FFF40D20000-00007FFF4A297000	[0x39E8] binaryninja.exe		
binaryninjaui.dll	binaryninjaui.dll	C:\Program Files\Vector35\BinaryNinja\binaryninjaui.dll	N/A	Yes	Cannot find or open the PDB file.		12		06/12/2024 17:47	00007FFF8C2D0000-00007FFF8D07F000	[0x39E8] binaryninja.exe		

[fuzyll]

Thanks for the info, sorry this is happening to you. 😞 Are you using any plugins you could try disabling? Just curious because, as far as I'm aware, you're the only user reporting a crash like this.

Will see if we can have someone take a look at these logs this week.

[psifertex]

More info on disabling plugins: https://docs.binary.ninja/guide/troubleshooting.html

[psifertex]

When you say "While the VS debugger is paused" -- do you mean this only happens when you've attached vscode as a python debugger? Are you using the visual studio real debugger to debug binary ninja? Trying to better understand what's triggering this.

Also, definitely let us know if you're able to reproduce the crash without any plugins.

[knoxfighter]

This crash happens without any debugger attached. I attached the debugger to get a proper stacktrace a few times, but all the other crashes where without.

The crash also happens without plugins.

Attached a small video-clip of the crash (was created a few days ago when i still had plugins enabled). It is also WITHOUT any kind of debugger. I press "Y" to change the type, the popup opens, binja gets unresponsive and closes after a few seconds.

2024-12-09.01-11-57_out.mp4

[psifertex]

Have you added any user types or platform types to your user folder?

Additionally, can you try backing up your Qsettings (https://docs.binary.ninja/guide/index.html#qsettings-locations) and then using the "clear qsettings" action" to clear them and see if that impacts the frequency of crashing?

[xusheng6]

v35 folks should search for SilentOcean BrightLantern VelvetForest ShadowPeak GoldenBridge to find the symolicated stack trace and other info

[xusheng6]

@knoxfighter does your workflow involve any type archives, especially ones created by you? If so, is there any chance you can share those with us (in public or in private). The stack trace suggests it is related to the type archive, and the crash you are seeing just pulls the trigger on it

[knoxfighter]

My workflow does involve a type archive that i created myself. I will send you the type archive in a private slack message.

[xusheng6]

V35 folks should search for Mountain Swift Candle Echo Breeze to find the user provided type archive file