fix(SentryBacktrace): Guard stack frame pointer dereference (#4268)

Author: indragiek

CHANGELOG.md

@@ -12,6 +12,7 @@
 - Session replay not redacting buttons and other non UILabel texts (#4277)
 - Rarely reporting too long frame delays (#4278) by fixing a race condition in the frames tracking logic.
 - Crash deserializing empty envelope length>0 (#4281]
+- Guard dereferencing of stack frame pointer in SentryBacktrace ([#4268](https://github.com/getsentry/sentry-cocoa/pull/4268))
 
 ## 8.33.0
 

Sources/Sentry/SentryBacktrace.cpp

@@ -11,7 +11,12 @@
 #    include "SentryThreadMetadataCache.hpp"
 #    include "SentryThreadState.hpp"
 #    include "SentryTime.h"
-
+extern "C" {
+#    define restrict
+/** Allow importing C99 headers that use the restrict keyword, which isn't valid in C++ */
+#    include "SentryCrashMemory.h"
+#    undef restrict
+}
 #    include <cassert>
 #    include <cstring>
 #    include <dispatch/dispatch.h>
@@ -81,6 +86,9 @@ namespace profiling {
         bool reachedEndOfStack = false;
         while (depth < maxDepth) {
             const auto frame = reinterpret_cast<StackFrame *>(current);
+            if (!sentrycrashmem_isMemoryReadable(frame, sizeof(StackFrame))) {
+                break;
+            }
             if (LIKELY(skip == 0)) {
                 addresses[depth++] = getPreviousInstructionAddress(frame->returnAddress);
             } else {