Stack Overflow Crash in libview_macho.dylib During Recursive Operation

[dawn-breaking]

Description:
I experienced a crash in Binary Ninja v5.0.7290_commercial on macOS 15.4.1 (24E263) while analyzing a Mach-O file. The application crashed with a segmentation fault (SIGSEGV) with error code KERN_PROTECTION_FAILURE.

Crash details:

• Exception Type: EXC_BAD_ACCESS (SIGSEGV)
• Exception Codes: KERN_PROTECTION_FAILURE at 0x000000016a723fe0
• The crash occurred in the main thread in libsystem_malloc.dylib at medium_malloc_from_free_list
• The stack trace shows function at offset 124410288 in libview_macho.dylib being called recursively over 500 times

Based on the crash report, it appears the application encountered a stack overflow due to excessive recursion while processing a Mach-O file. The repeated identical function calls in the crash stack strongly suggest an uncontrolled recursive process in the Mach-O file viewer component.

Steps to reproduce:

1. Open Binary Ninja v5.0.7290
2. Load demo

I've attached the full crash report for reference. Please let me know if you need any additional information to help diagnose this issue.

Environment:

• Binary Ninja: 5.0.7290_commercial
• OS: macOS 15.4.1 (24E263)
• Hardware: MacBookPro18,2 with Apple M1 Max

demo.zip

[bdash]

This is due to (intentionally?) bogus data in the export trie that points back to earlier in the trie, leading to infinite recursion.

Amusingly Apple's dyld_info tool crashes in the same way when parsing it.

[dawn-breaking]

This demo is an iOS command line executable daemon process from a rootful jailbreak environment. Interestingly, when I open the same binary in IDA Pro 9.1, it works completely normally without any crashes. It seems the circular reference in the export trie is handled differently by IDA's parser compared to both Binary Ninja and Apple's dyld_info tool.​​​​​​​​​​​