So I have verified that firefox is doing the bind call with a 110 byte long addrlen:
[pid 1020] bind(18, {sa_family=AF_LOCAL, sun_path=@"google-nacl-o1d1020-1"}, 110) = -1 EACCES (Permission denied)
So the trailing 0s being reported by the apparmor audit message are correct.
So this breaks down to 3 userspace bugs:
- wrong handling of \x00 by the compiler
- wrong handling of the * and ** globs for abstract socket names
- limited nesting depth for alternations (though this is minor and not really needed for this bug if globbing is fixed)
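
An added example, not part of the original comment: on Linux the name of an abstract socket is whatever bytes addrlen covers, so a bind() with addrlen 110 (sizeof(struct sockaddr_un)) records a name padded with NULs, which is what a profile rule then has to match. The socket name and the helper abstract_name_len() are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind an abstract socket called `name` and return the name length the kernel
 * recorded (bytes after the leading NUL), or -1 on error. With pad_full set,
 * addrlen is sizeof(struct sockaddr_un), as in the bind() call quoted above.
 * *trailing_nuls receives the number of NUL bytes at the end of that name. */
static int abstract_name_len(const char *name, int pad_full, int *trailing_nuls)
{
    struct sockaddr_un sa, got;
    socklen_t len, gotlen = sizeof(got);
    size_t n = strlen(name);
    int fd, i, namelen;

    if (n == 0 || n > sizeof(sa.sun_path) - 1)
        return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path + 1, name, n);      /* sun_path[0] == 0: abstract */
    len = pad_full ? (socklen_t)sizeof(sa)
                   : (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, len) < 0 ||
        getsockname(fd, (struct sockaddr *)&got, &gotlen) < 0) {
        close(fd);
        return -1;
    }
    close(fd);
    /* The kernel keeps exactly the bytes that addrlen covered. */
    namelen = (int)gotlen - (int)offsetof(struct sockaddr_un, sun_path) - 1;
    *trailing_nuls = 0;
    for (i = namelen; i > 0 && got.sun_path[i] == '\0'; i--)
        (*trailing_nuls)++;
    return namelen;
}

int main(void)
{
    int z, n = abstract_name_len("example-nacl-sock-1", 1, &z); /* constructed */
    printf("addrlen 110: name length %d, trailing NULs %d\n", n, z);
    return n < 0;
}
```

The same name bound with an exact addrlen is a different address with no trailing NULs, so the two forms do not collide and do not match the same literal rule.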