Network extension crashes repeatedly (heap corruption in HTML parser + use-after-free on teardown) — v2.18.0 #1664

@kimsyversen

Please answer the following questions for yourself before submitting an issue

  • Filters were updated before reproducing an issue
  • I checked the knowledge base and found no answer
  • I checked to make sure that this issue has not already been filed

AdGuard version

2.18

Browser version

Safari 26

OS version

macOS 26.3

Ad Blocking

AdGuard Base filter

Privacy

No response

Social

No response

Annoyances

No response

Security

No response

Other

No response

Language-specific

No response

Which DNS server do you use?

DNS protection disabled

DNS protocol

None

Custom DNS

No response

What Stealth Mode options do you have enabled?

No response

Support ticket ID

No response

Issue Details

Over the last year or so AdGuard has crashed regularly. To fix it I usually need to do a full reset, as with the crash on 13 Feb. If I don't fix it, I get a new crash message and get stuck in a loop.

Prerequisites

  • AdGuard version: 2.18.0 (build 2089)
  • macOS versions: 26.2 (25C56) and 26.3 (25D125)
  • Machine: MacBook Pro (Mac16,8), Apple Silicon (ARM64)

Issue Details

The network extension (com.adguard.mac.adguard.network-extension) crashes repeatedly -- 3 incidents in 7 days. The same binary is involved in all cases (UUID 447d4b99-d0af-306b-8701-b1d75f8bee1a).

Crash 1: Heap corruption in HTML content filter (Feb 13)

The HTML parser crashes during realloc in html_elem_add_child, with libmalloc reporting:

BUG IN CLIENT OF LIBMALLOC: memory corruption of free block

Exception type: EXC_BREAKPOINT / SIGTRAP

Stack trace (faulting thread)
_xzm_xzone_malloc_freelist_outlined  (libsystem_malloc.dylib)
xzm_realloc                          (libsystem_malloc.dylib)
_malloc_zone_realloc                  (libsystem_malloc.dylib)
_realloc                              (libsystem_malloc.dylib)
html_elem_add_child                   (AdguardCore)
finish_tag(html_parser*)              (AdguardCore)
html_parser_input                     (AdguardCore)
AGEditingHtmlParser::input()          (AdguardCore)
HtmlFilter::processData()             (AdguardCore)
HtmlFilter::processHttpResponseBody() (AdguardCore)
AGProxyFilter::runStreamFilterChain() (AdguardCore)
AGProxyFilter::processHttpResponseBody() (AdguardCore)
AGHttpFilteringUnit::processDecodedResponseBody() (AdguardCore)
AGHttpFilteringUnit::decompressorCallback() (AdguardCore)
http_decompressor_run                 (AdguardCore)
AGHttpFilteringUnit::processResponseBody() (AdguardCore)
AGHttpFilteringUnit::processForwardIncoming() (AdguardCore)
AGProcessingChain::runSingleUnit()    (AdguardCore)
AGProcessingChain::runChainForward()  (AdguardCore)
AGProcessingChain::process()          (AdguardCore)
AGProxySession::onRead()              (AdguardCore)
AGFDVSocket::onRead()                 (AdguardCore)

A second thread was concurrently running regex matching in the HTML filter (pcre2_match_8 via HtmlFilter::checkContentFilterRules) on what appears to be the same HTML elements, which may point to a race condition.

Crash 2: Use-after-free / PAC trap during session teardown (Feb 7)

During proxy session shutdown, the NEAppProxyFlow deallocation triggers a pointer authentication failure when calling CFErrorGetDomain on what appears to be an already-freed object.

Exception type: EXC_BREAKPOINT / SIGTRAP
ESR: pointer authentication trap DA

Stack trace (faulting thread)
CF_IS_OBJC                            (CoreFoundation)
CFErrorGetDomain                      (CoreFoundation)
flow_error_to_errno                   (NetworkExtension)
flow_handle_pending_write_requests    (NetworkExtension)
__NEFlowDeallocate                    (NetworkExtension)
_CFRelease                            (CoreFoundation)
-[NEAppProxyFlow dealloc]             (NetworkExtension)
AGNEVSocket::~AGNEVSocket()           (AdguardCore)
AGNEVSocket::~AGNEVSocket()           (AdguardCore)
AGProxySession::~AGProxySession()     (AdguardCore)
AGProxySession::~AGProxySession()     (AdguardCore)
AGProxyServer::createSession()::$_0   (AdguardCore)
AGProxySession::shutDownSession()::$_0 (AdguardCore)
AGEventLoop::runTasksQueue()          (AdguardCore)
event_once_cb                         (AdguardCore)
event_process_active_single_queue     (AdguardCore)
event_base_loop                       (AdguardCore)
AGEventLoop::run()                    (AdguardCore)
AGThread::run_thread(void*)           (AdguardCore)

Diagnostic: Excessive disk writes (Feb 12)

macOS flagged the network extension for writing 2,147 MB in ~10.7 hours (55.5 KB/sec average), exceeding the macOS disk write budget of 24.86 KB/sec.

Full crash reports

I have the full .ips and .diag files available and can attach them if needed.

Expected Behavior

The network extension should run stably without crashing or exceeding macOS resource budgets.

Actual Behavior

See issue details.

Screenshots

Screenshot 1

Additional Information

No response
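
A triage sketch for the two faulting-thread traces in this report, added here as an example (it is not part of the original report and not AdGuard's code): it drops OS-library frames, collapses the duplicated destructor frames, and hashes the top application frames into a bucket signature so repeat crashes can be grouped. The `SYSTEM_IMAGES` set, the bucket depth of 3 and the 12-character signature length are assumptions.

```python
import hashlib
import re

# Assumption: images treated as OS code, taken from the frames in the report.
SYSTEM_IMAGES = {"libsystem_malloc.dylib", "CoreFoundation", "NetworkExtension"}
FRAME_RE = re.compile(r"^\s*(?P<symbol>.+?)\s+\((?P<image>[^()]+)\)\s*$")
# Top frames of the two faulting threads, excerpted from the report above.
CRASH_1 = """
_xzm_xzone_malloc_freelist_outlined  (libsystem_malloc.dylib)
xzm_realloc                          (libsystem_malloc.dylib)
_malloc_zone_realloc                  (libsystem_malloc.dylib)
_realloc                              (libsystem_malloc.dylib)
html_elem_add_child                   (AdguardCore)
finish_tag(html_parser*)              (AdguardCore)
html_parser_input                     (AdguardCore)
"""
CRASH_2 = """
CF_IS_OBJC                            (CoreFoundation)
CFErrorGetDomain                      (CoreFoundation)
flow_error_to_errno                   (NetworkExtension)
flow_handle_pending_write_requests    (NetworkExtension)
__NEFlowDeallocate                    (NetworkExtension)
_CFRelease                            (CoreFoundation)
-[NEAppProxyFlow dealloc]             (NetworkExtension)
AGNEVSocket::~AGNEVSocket()           (AdguardCore)
AGNEVSocket::~AGNEVSocket()           (AdguardCore)
AGProxySession::~AGProxySession()     (AdguardCore)
AGProxySession::~AGProxySession()     (AdguardCore)
"""

def parse_frames(trace):
    """Return [(symbol, image)] for every 'symbol (image)' line."""
    matches = (FRAME_RE.match(line) for line in trace.splitlines())
    return [(m["symbol"], m["image"]) for m in matches if m]

def app_frames(frames):
    """Drop OS frames and collapse adjacent duplicate symbols."""
    out = []
    for symbol, image in frames:
        if image not in SYSTEM_IMAGES and (not out or out[-1] != symbol):
            out.append(symbol)
    return out

def bucket(trace, depth=3):
    """Return (signature, top application frames) for one crash."""
    top = app_frames(parse_frames(trace))[:depth]
    return hashlib.sha256("|".join(top).encode()).hexdigest()[:12], top

if __name__ == "__main__":
    print(bucket(CRASH_1), bucket(CRASH_2))
```

The two traces land in different buckets, which matches the report's split into a parser crash and a teardown crash even though both carry the same exception type.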
