Stack overflow when using python console

[yrp604]

Windows 10 2.2.2508-dev Personal

Issue does not immediately repro with the same steps.

From the console I did the following:

>>> ii = current_function.lifted_il
>>> ii = ii[0]
>>> ii
>>> ii.operands
>>> ii.operands[1]
>>> ii.operands[2] # crash here

(3b1c.a68): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!)
Subcode: 0x7 FAST_FAIL_FATAL_APP_EXIT 
ucrtbase!abort+0x4e:
00007ffc`f2fa287e cd29            int     29h
0:000> kn
 # Child-SP          RetAddr               Call Site
00 000000af`4936c100 00007ffc`eabc699a     ucrtbase!abort+0x4e
01 000000af`4936c130 00007ffc`a32bf4b0     VCRUNTIME140!_purecall+0x1a [D:\a01\_work\2\s\src\vctools\crt\vcruntime\src\misc\purevirt.cpp @ 29] 
02 000000af`4936c160 00007ffc`a330f302     Qt5Core!QAbstractEventDispatcher::filterNativeEvent+0x70
03 000000af`4936c1b0 00007ffc`b7ab76f9     Qt5Core!QEventDispatcherWin32::processEvents+0x552
04 000000af`4936f2e0 00007ffc`a32c097c     qwindows!qt_plugin_query_metadata+0x1f49
05 000000af`4936f310 00007ffc`a32c37f4     Qt5Core!QEventLoop::exec+0x1bc
06 000000af`4936f370 00007ff7`84f2846a     Qt5Core!QCoreApplication::exec+0x154
07 000000af`4936f3d0 00007ff7`84fa5b97     binaryninja+0x2846a
08 000000af`4936fb10 00007ff7`84fa4f7a     binaryninja+0xa5b97
09 000000af`4936fba0 00007ffc`f5077034     binaryninja+0xa4f7a
0a 000000af`4936fbe0 00007ffc`f547cec1     KERNEL32!BaseThreadInitThunk+0x14
0b 000000af`4936fc10 00000000`00000000     ntdll!RtlUserThreadStart+0x21
0:000> r
rax=0000000000000001 rbx=0000000000000001 rcx=0000000000000007
rdx=000000000000000f rsi=0000021cb60db5f0 rdi=0000000000000001
rip=00007ffcf2fa287e rsp=000000af4936c100 rbp=0000021cb6096840
 r8=0000000000000001  r9=000000af4936c0a8 r10=0000000000000012
r11=0000000000000246 r12=000000af4936c238 r13=0000000000000000
r14=0000000000000000 r15=000000af4936c1e8
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000200
ucrtbase!abort+0x4e:
00007ffc`f2fa287e cd29            int     29h

binary is ntdll for arm64, linked in this comment and the current function was RtlAllocateHeap. Only possible other factor was I had been (ab)using the snippets plugin earlier in the python session.

[yrp604]

Looking at the stack trace again, this is almost definitely Vector35/snippets#7

[psifertex]

Upstream closed so closing this.

[psifertex]

FYI, marking as "invalid" only to help our sorting with 2.4 release bugs, the root bug on snippets is obviously valid. Still haven't been able to get a good debug trace on it yet as an update.