[Bug] Crash in flatbuffers::GetMutableRoot<T>

[triplef]

[REQUIRED] Please fill in the following fields:

• Pre-built SDK from the website or open-source from this repo: open-source (self built)
• Firebase C++ SDK version: v11.3.0
• Problematic Firebase Component: Remote Config
• Other Firebase Components in use: Auth
• Platform you are using the C++ SDK on: Windows
• Platform you are targeting: Windows

[REQUIRED] Please describe the issue here:

We have multiple users where the app crashes on launch with the following stack trace. From what we can tell from our crash reporting, on affected machines the crash is always reproducible.

Application Specific Information:
Fatal Error: EXCEPTION_ACCESS_VIOLATION_READ / 0x0

Thread 15556 Crashed:
0   xxxxapp.exe                     0x7ff601834fb9      flatbuffers::GetMutableRoot<T> (flatbuffers.h:2080)
1   xxxxapp.exe                     0x7ff601a43246      firebase::remote_config::internal::RemoteConfigResponse::MarkCompleted (remote_config_response.cc:98)
2   xxxxapp.exe                     0x7ff6019177b1      firebase::rest::BackgroundTransportCurl::~BackgroundTransportCurl (transport_curl.cc:407)
3   xxxxapp.exe                     0x7ff601918f22      firebase::rest::CurlThread::ProcessRequests (transport_curl.cc:905)
4   xxxxapp.exe                     0x7ff6019170ee      [inlined] std::invoke (type_traits:1574)
5   xxxxapp.exe                     0x7ff6019170ee      std::thread::_Invoke<T> (thread:55)
6   ucrtbase.dll                    0x7ffe22396c0b      thread_start<T>
7   KERNEL32.DLL                    0x7ffe2422559f      BaseThreadInitThunk
8   ntdll.dll                       0x7ffe24c8485a      RtlUserThreadStart

We initialize Remote Config early during app launch, and at the time of the crash most other threads are also from Firebase and seem to be always in the same state. Specifically the main thread always looks like this:

Thread 7700
0   ntdll.dll                       0x7ffb8852d064      ZwWaitForSingleObject
1   KERNELBASE.dll                  0x7ffb85eb30cd      WaitForSingleObjectEx
2   xxxxapp.exe                     0x7ff6a9962231      firebase::Mutex::Acquire (mutex_windows.cc:35)
3   xxxxapp.exe                     0x7ff6a9a4771a      [inlined] firebase::MutexLock::{ctor} (mutex.h:85)
4   xxxxapp.exe                     0x7ff6a9a4771a      firebase::remote_config::internal::RemoteConfigInternal::CheckValueInConfig (remote_config_desktop.cc:350)
5   xxxxapp.exe                     0x7ff6a9a4767b      firebase::remote_config::internal::RemoteConfigInternal::CheckValueInActiveAndDefault (remote_config_desktop.cc:338)
6   xxxxapp.exe                     0x7ff6a9a469d1      firebase::remote_config::internal::RemoteConfigInternal::GetString (remote_config_desktop.cc:427)
7   xxxxapp.exe                     0x7ff6a997f141      firebase::remote_config::RemoteConfig::GetString (remote_config.cc:211)
<redacted>
21  xxxxapp.exe                     0x7ff6a92f47ec      main (main.cpp:157)
22  xxxxapp.exe                     0x7ff6a9c6e64c      qtEntryPoint (qtentrypoint_win.cpp:50)
23  xxxxapp.exe                     0x7ff6a9c6e3ad      [inlined] invoke_main (exe_common.inl:102)
24  xxxxapp.exe                     0x7ff6a9c6e3ad      __scrt_common_main_seh (exe_common.inl:288)
25  KERNEL32.DLL                    0x7ffb86dd7613      BaseThreadInitThunk
26  ntdll.dll                       0x7ffb884e26b0      RtlUserThreadStart

Following are the full stack traces from 4 different machines and OS versions, all identical:
crash1.txt
crash2.txt
crash3.txt
crash4.txt

We are unable to reproduce the crash ourselves, and since we have no means to get in touch with affected users we also don’t have much further information than the above.

Steps to reproduce:

Unknown.

Relevant Code:

Initialize