DBO: Keep ref of parent in api to prevent ez uaf

CouleeApps · CouleeApps · commit 577912677638 · 2026-04-17T16:27:54.000-04:00
diff --git a/binaryninjaapi.h b/binaryninjaapi.h
@@ -22401,6 +22401,8 @@ namespace BinaryNinja {
 
 	class DatabaseObject: public CoreRefCountObject<BNDatabaseObject, BNNewDatabaseObjectReference, BNFreeDatabaseObject>
 	{
+		Ref<DatabaseObject> m_parent;
+
 	public:
 		explicit DatabaseObject(BNDatabaseObject* database);
 
diff --git a/merge.cpp b/merge.cpp
@@ -27,6 +27,7 @@ using namespace std;
 DatabaseObject::DatabaseObject(BNDatabaseObject* object)
 {
 	m_object = object;
+	m_parent = GetParent();
 }
 
 
diff --git a/python/database.py b/python/database.py
@@ -370,6 +370,9 @@ def __init__(self, handle):
 		self.handle = core.handle_of_type(handle, core.BNDatabaseObject)
 		self._children = None
 		self._dependencies = None
+		# Hold a strong reference to parent because normally children have a weak ref
+		# and their parent could be cleaned up without them
+		self._parent = self.parent
 
 	def __del__(self):
 		core.BNFreeDatabaseObject(self.handle)

Original file line number	Diff line number	Diff line change
`@@ -22401,6 +22401,8 @@ namespace BinaryNinja {`
`22401`	`22401`
`22402`	`22402`	`class DatabaseObject: public CoreRefCountObject<BNDatabaseObject, BNNewDatabaseObjectReference, BNFreeDatabaseObject>`
`22403`	`22403`	`{`
	`22404`	`+ Ref<DatabaseObject> m_parent;`
	`22405`	`+`
`22404`	`22406`	`public:`
`22405`	`22407`	`explicit DatabaseObject(BNDatabaseObject* database);`
`22406`	`22408`
Original file line number	Diff line number	Diff line change
`@@ -27,6 +27,7 @@ using namespace std;`
`27`	`27`	`DatabaseObject::DatabaseObject(BNDatabaseObject* object)`
`28`	`28`	`{`
`29`	`29`	`m_object = object;`
	`30`	`+ m_parent = GetParent();`
`30`	`31`	`}`
`31`	`32`
`32`	`33`