fix(stacktrace): stop leaking internal frame state into event payload#2962
Merged
Conversation
Interface#to_h serializes every instance variable, so helper ivars stored on StacktraceInterface::Frame leaked into the event payload. The FilenameCache change (#2904) made this worse by serializing "#<Sentry::FilenameCache:0x...>" — a memory address that differs on every run — into every frame. Pass filename_cache/strip_backtrace_load_path through the constructor instead of storing them as ivars, so they never reach to_h. This also drops the pre-existing project_root/strip_backtrace_load_path leaks. All real frame fields are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
dingsdax
approved these changes
Jun 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Interface#to_hserializes every instance variable, so helper ivars stored onStacktraceInterface::Frameleak into the event payload sent to Sentry. TheFilenameCachechange (#2904) made this worse: it serialized"#<Sentry::FilenameCache:0x...>"— a memory address that changes on every run — into every stack frame.project_root,strip_backtrace_load_pathstrip_backtrace_load_path,filename_cacheThis passes
filename_cache/strip_backtrace_load_paththrough the constructor instead of storing them as ivars, so they never reachto_h. The now-unused privatecompute_filenamehelper is removed (the publicFilenameCache#compute_filenameis untouched). This also drops the pre-existingproject_root/strip_backtrace_load_pathleaks — none of these were part of Sentry's frame schema.All real frame fields (
abs_path,function,lineno,in_app,module,filename,*_context) are unchanged.Verification
Replayed an identical fixed backtrace through
Sentry.capture_exceptionon 6.5.0 and on this branch and diffed the serialized event: every meaningful frame field is byte-identical; only the leaked internal keys are gone. Added a regression spec assertingframe.to_hexposes only the real frame keys. Existing interface/backtrace/event/profiler specs pass; RuboCop clean.🤖 Generated with Claude Code