Fix #295: IDA PRO crash

[JiwaniZakir]

Closes #295

Before

decompile_function_safe in src/ida_pro_mcp/ida_mcp/utils.py called cfunc.get_line_item(sl.line, 0, False, None, item, None), passing None for the phead and ptail output parameters. IDA's get_line_item attempts to write through these pointers; passing None results in a null-pointer write, causing IDA Pro to crash silently during any MCP-triggered decompilation.

After

phead and ptail are now backed by real ctree_item_t instances (_head and _tail) allocated before the call:

_head = ida_hexrays.ctree_item_t()
item = ida_hexrays.ctree_item_t()
_tail = ida_hexrays.ctree_item_t()
if cfunc.get_line_item(sl.line, 0, False, _head, item, _tail):

get_line_item has valid memory to write into for all three output parameters, eliminating the crash.

Changes

• src/ida_pro_mcp/ida_mcp/utils.py (decompile_function_safe, line ~1031): Replaced both None arguments in the get_line_item call with allocated ctree_item_t objects _head and _tail.
• src/ida_pro_mcp/ida_mcp/tests/test_utils.py (test_utils_stack_frame_and_decompile_helpers): Added an assertion that the decompiled output contains address annotations (/*0x...*/), which are produced by get_line_item and confirm the call is succeeding and writing through all output parameters correctly.

Testing

The new assertion in test_utils_stack_frame_and_decompile_helpers verifies that get_line_item is returning line address annotations for the sum_point function in typed_fixture.elf:

assert any("/*0x" in line for line in code.splitlines())

This would fail if get_line_item were not populating results correctly. Manual verification: decompiling a function via the MCP decompile tool no longer crashes IDA Pro.

[mrexodia]

What version of IDA are you using?