Null dereference inside LinearView::mouseDoubleClickEvent when trying to expand a collapsed function

[sentry]

Sentry Issue: BINARYNINJA-B3

EXC_BAD_ACCESS / KERN_INVALID_ADDRESS / 0x10: Fatal Error: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS / 0x10
  File "function.cpp", line 220, in BinaryNinja::Function::GetStart
  File "qwidget.cpp", in QWidget::event
  File "qframe.cpp", line 522, in QFrame::event
  File "qcoreapplication.cpp", line 1246, in QCoreApplicationPrivate::sendThroughObjectEventFilters
  File "qapplication.cpp", line 3299, in QApplicationPrivate::notify_helper
...
(35 additional frame(s) were not displayed)

@bdash says:

This can be reproduced in single function view with disassembly showing by hitting Cmd-A to select all lines in a function, clicking the collapse marker in the function header to collapse all lines, double-clicking on the same function's name to return back to the single function view, then double-clicking on the collapse marker in the function header to expand all lines.

The immediate cause of the crash is that line.function is null within the path that handles FunctionHeaderLineType.

[bdash]

A crash report from a local build better shows the parent stack frame:

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libbinaryninjaui.1.dylib      	       0x105bedeec BinaryNinja::Function::GetStart() const + 0 (function.cpp:220)
1   libbinaryninjaui.1.dylib      	       0x1058027f8 LinearView::mouseDoubleClickEvent(QMouseEvent*) + 1500 (linearview.cpp:3760)
2   QtWidgets                     	       0x1067d5b08 QWidget::event(QEvent*) + 112

[BlasterXiao]

I can now reproduce this 100% reliably. Recorded a video, attached below.
▎
▎ Environment: Binary Ninja [5.4.9745-dev Personal], Windows 11 24H2, x64.
▎
▎ Steps to reproduce (deterministic):
▎ 1. Open any binary, go to a function in disassembly, single-function view mode.
▎ 2. Select-all the disassembly of the function.
▎ 3. Click (/double-click) the function name in the header → all functions collapse/fold.

▎ 4. Click back on the originally-selected function->Double-click this function name → Click the expand ->immediate crash.
▎

▎ This matches your finding that it's inside click event handling — the collapse seems to invalidate some render/layout object, and the next click dereferences it.
▎
▎ Video:

bn_crash.mp4