From d90b249a86ea71324d945c9b06702283ea6a3462 Mon Sep 17 00:00:00 2001
From: Elias Bachaalany
Date: Thu, 5 Mar 2026 20:02:38 -0500
Subject: [PATCH] fix: crash in UiMessageCapture on ARM64 macOS (va_list ABI mismatch)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

On ARM64 macOS, va_list is char* (scalar), not an array type like on x86-64 System V ABI (__va_list_tag[1]). The old #ifdef only special-cased MSVC, so on ARM64 Apple the code read va_list* (expecting array decay) but got a char* value — dereferencing it used string content as a pointer, causing a SIGSEGV in strlen via vsprnt.

Fix: guard the pointer-indirection path with __x86_64__ instead of !_MSC_VER.
---
 src/lib/src/idapython_exec.cpp | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/lib/src/idapython_exec.cpp b/src/lib/src/idapython_exec.cpp
index f4f851e..94ed7e1 100644
--- a/src/lib/src/idapython_exec.cpp
+++ b/src/lib/src/idapython_exec.cpp
@@ -84,15 +84,17 @@ ssize_t idaapi UiMessageCapture::on_event(ssize_t code, va_list va) {
 return 0;
 }
- // On GCC/Clang, va_list is an array type that decays to a pointer when
- // passed through variadic args. On MSVC, va_list is char* (passed by value).
+ // va_list is an array type on x86-64 System V ABI (__va_list_tag[1]),
+ // so it decays to a pointer when passed through variadic args.
+ // On MSVC and ARM64 Apple (where va_list is char*), it is a scalar
+ // type passed by value — no decay, no extra indirection.
 va_list copy;
-#ifdef _MSC_VER
- va_list format_args = va_arg(va, va_list);
- va_copy(copy, format_args);
-#else
+#if defined(__x86_64__) && !defined(_MSC_VER)
 va_list* format_args = va_arg(va, va_list*);
 va_copy(copy, *format_args);
+#else
+ va_list format_args = va_arg(va, va_list);
+ va_copy(copy, format_args);
 #endif
 qstring formatted;
 formatted.vsprnt(format, copy);
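Review bot: The `#else` branch at `va_list format_args = va_arg(va, va_list);` is now the default for every non-x86-64 target, yet the new comment names only MSVC and ARM64 Apple; AArch64 Linux, where va_list is a by-value struct rather than char*, also lands there, so the comment should state the real criterion ("not an array type, passed by value") rather than "char*". Rather than enumerating platforms, pin what each branch relies on with `static_assert(std::is_array<va_list>::value, "array va_list expected");` inside the `#if` branch and `static_assert(!std::is_array<va_list>::value, "scalar va_list expected");` inside `#else` (needs `<type_traits>`, which this hunk does not show), so a target whose va_list disagrees with the guard fails to build instead of crashing in strlen as it did on ARM64 macOS. The `!defined(_MSC_VER)` half of the guard is presumably there for clang-cl, which defines `__x86_64__` alongside `_MSC_VER`; a one-line comment saying so would keep a later cleanup from dropping it. `on_event` continues past the hunk, so I cannot see whether `copy` gets a matching `va_end(copy)` after `vsprnt`; add one if it is missing.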