Comment 2 for bug 1413410

So I have verified that firefox is doing the bind call with a 110 byte long addrlen

[pid 1020] bind(18, {sa_family=AF_LOCAL, sun_path=@"google-nacl-o1d1020-1"}, 110) = -1 EACCES (Permission denied)

so the trailing 0s being reported by the apparmor audit message are correct

So this breaks down to 3 userspace bugs

  wrong handling of \x00 by the compiler
  wrong handling of the * and ** globs for abstract socket names
  limited nesting depth for alternations (though this is minor and not really needed for this bug if globbing is fixed)