Crash upon dyld shared cache opening

[e2r3p13]

Version and Platform (required):

• Binary Ninja Version: 4.3.6791-dev
• OS: MacOS Sequoia 15.2
• CPU Architecture: M2

Bug Description:

Binary ninja crashes upon dyld shared cache opening. I don't know if I am the only one experiencing this bug. I faced it since the Frogstar release, and with every shared cache ; no matter the iOS/macOS version.

binary_ninja_dyld_crash.mp4

Steps To Reproduce:

Download a shared cache:

ipsw download ipsw --device iPhone 14,4 --build 21D50 --dyld

And open the downloaded dyld_shared_cache_arm64e file with Binary Ninja. The application crashes instantly at this moment.

Additional Information:

If it can help:

[sagittarius-a]

Version and Platform:

• Binary Ninja Version: 4.3.6766-dev (c559a23d)
• OS: macOS
• OS Version: Sequoia 15.1.1
• CPU Architecture: M1

---

Observed exact same issue here.

Here is the crash report trying to open /System/Volumes/Preboot/Cryptexes/OS/System/Library/dyld/dyld_shared_cache_arm64e (from the local machine itself) on macOS 15.1.1.

Process:               binaryninja [58586]
Path:                  /Applications/Binary Ninja.app/Contents/MacOS/binaryninja
Identifier:            com.vector35.binaryninja
Version:               4.3.6766-dev_commercial (4.3.6766-dev_commercial)
Code Type:             ARM-64 (Native)
Parent Process:        launchd [1]
User ID:               501

Date/Time:             2025-02-03 13:44:18.8001 +0100
OS Version:            macOS 15.1.1 (24B91)
Report Version:        12
Anonymous UUID:        C36FB094-DE41-446B-ED82-EE226286C1C1

Sleep/Wake UUID:       91B5002C-988B-4EAA-AEA9-58362D6A5F20

Time Awake Since Boot: 2000000 seconds
Time Since Wake:       2644 seconds

System Integrity Protection: disabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Codes:       0x0000000000000001, 0x0000000000000010

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [58586]

VM Region Info: 0x10 is not in any region.  Bytes before following region: 4297195504
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      100220000-1014fc000    [ 18.9M] r-x/r-x SM=COW  /Applications/Binary Ninja.app/Contents/MacOS/binaryninja

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsharedcache.dylib          	       0x112e2e288 0x112c7c000 + 1778312
1   libsharedcache.dylib          	       0x112c98580 0x112c7c000 + 116096
2   libsharedcache.dylib          	       0x112d31854 0x112c7c000 + 743508
3   libbinaryninjacore.1.dylib    	       0x11454f5dc BNCreateBinaryViewOfType + 140
4   libbinaryninjaui.1.dylib      	       0x10300a75c 0x102a58000 + 5973852
5   libbinaryninjaui.1.dylib      	       0x102baaf94 FileContext::createDataView(QString const&) + 196
6   libbinaryninjaui.1.dylib      	       0x102baa43c FileContext::getDataView(QString const&, bool) + 992
7   libbinaryninjaui.1.dylib      	       0x102ba9cfc FileContext::FileContext(BinaryNinja::Ref<BinaryNinja::FileMetadata>, BinaryNinja::Ref<BinaryNinja::BinaryView>, QString const&, bool, bool) + 932
8   binaryninja                   	       0x100302f10 0x100220000 + 929552
9   binaryninja                   	       0x100301448 0x100220000 + 922696
10  binaryninja                   	       0x1002fce34 0x100220000 + 904756
11  libbinaryninjaui.1.dylib      	       0x102a9aa44 UIActionHandler::executeAction(QString const&, UIActionContext const&) + 296
12  libbinaryninjaui.1.dylib      	       0x102a9a9f4 UIActionHandler::executeAction(QString const&, UIActionContext const&) + 216
13  libbinaryninjaui.1.dylib      	       0x102ad5540 0x102a58000 + 513344
14  QtCore                        	       0x102442008 void doActivate<false>(QObject*, int, void**) + 1332
15  QtGui                         	       0x103ed950c QAction::activate(QAction::ActionEvent) + 368
16  QtCore                        	       0x10243a6c4 QObject::event(QEvent*) + 616
17  QtWidgets                     	       0x10347f9a4 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 272
18  QtWidgets                     	       0x1034807e4 QApplication::notify(QObject*, QEvent*) + 504
19  QtCore                        	       0x1023f70c4 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 212
20  QtCore                        	       0x1023f83b0 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 1464
21  libqcocoa.dylib               	       0x101d390a4 QCocoaEventDispatcherPrivate::processPostedEvents() + 312
22  libqcocoa.dylib               	       0x101d3a064 QCocoaEventDispatcherPrivate::postedEventsSourceCallback(void*) + 436
23  CoreFoundation                	       0x18df6dd34 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 28
24  CoreFoundation                	       0x18df6dcc8 __CFRunLoopDoSource0 + 176
25  CoreFoundation                	       0x18df6da2c __CFRunLoopDoSources0 + 244
26  CoreFoundation                	       0x18df6c5c8 __CFRunLoopRun + 840
27  CoreFoundation                	       0x18df6bbc4 CFRunLoopRunSpecific + 588
28  HIToolbox                     	       0x1993dbf64 RunCurrentEventLoopInMode + 292
29  HIToolbox                     	       0x1993e1d54 ReceiveNextEventCommon + 636
30  HIToolbox                     	       0x1993e1eb8 _BlockUntilNextEventMatchingListInModeWithFilter + 76
31  AppKit                        	       0x191a97a08 _DPSNextEvent + 660
32  AppKit                        	       0x1923d7e0c -[NSApplication(NSEventRouting) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 688
33  AppKit                        	       0x191a8aae0 -[NSApplication run] + 480
34  libqcocoa.dylib               	       0x101d37ba0 QCocoaEventDispatcher::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 2124
35  QtCore                        	       0x102400c18 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 540
36  QtCore                        	       0x1023f771c QCoreApplication::exec() + 112
37  binaryninja                   	       0x1002d256c 0x100220000 + 730476
38  dyld                          	       0x18db04274 start + 2840

[0cyn]

Hi! Would you be able to try opening the cache on dev version 4.3.6803?

It should no longer crash, ideally, and it should print an error in the Log view that can help better debug this issue. I have not been able to reproduce this bug locally.

[e2r3p13]

Hi! Just tested several times with different ipsw caches. It still crashes tough the backtrace is a bit different:

It's not very helpful, but feel free to ask for more information if needed!

[e2r3p13]

Just saw that it doesn't crash when opening the shared cache through Open with Options. Here are the logs I have: