Skip to content

[Rust] Incorrect use of expression vs instruction indexes in HighLevelILFunction #7418

New issue
New issue
Closed
Bug
Closed
[Rust] Incorrect use of expression vs instruction indexes in HighLevelILFunction#7418
Bug
Assignees
negasora
Labels
Component: Rust APIIssue needs changes to the Rust APIEffort: LowIssues require < 1 week of workImpact: MediumIssue is impactful with a bad, or no, workaround
Milestone
Io
@bdash

Description

@bdash
bdash
opened on Sep 20, 2025

Version and Platform (required):

  • Binary Ninja Version: 5.2.8294-dev Ultimate, 56f83b68
  • OS: macos
  • OS Version: 26.0
  • CPU Architecture: arm64

Bug Description:
A user on Slack reported seeing a panic due to HighLevelILFunction::instruction_from_index returning None:

thread '<unnamed>' (3526664) panicked at ~/.cargo/git/checkouts/binaryninja-api-101c3b4075ebc9b7/00566fc/rust/src/high_level_il/instruction.rs:1072:14:
called `Option::unwrap()` on a `None` value
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

This happens within the wrap_raw function of impl CoreArrayProviderInner for HighLevelILInstruction.

The code triggering it looks like so:

function
  .variable_definitions(v.var)
  .into_iter()
  .next()

where function is a Ref<HighLevelILFunction>.

The problem appears to be that BNGetHighLevelILVariableDefinitions provides an array of expression indexes, but the Rust binding is interpreting them as instruction indexes.

It looks like the same mistake exists in the other functions on HighLevelILFunction that deal with uses and definitions of variables and memory.

Metadata

Metadata

Assignees

Labels

Component: Rust APIIssue needs changes to the Rust APIEffort: LowIssues require < 1 week of workImpact: MediumIssue is impactful with a bad, or no, workaround

Type

Bug

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions