GHSA-JJ7C-X25R-R8R3

Vulnerability from github – Published: 2026-04-21 20:16 – Updated: 2026-04-21 20:16
VLAI?
Summary
Brillig: Heap corruption in foreign call results with nested tuple arrays
Details

Description

Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile_block(). When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes codegen_call() in brillig_call/code_gen_call.rs, which dispatches to convert_ssa_foreign_call().

Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through allocate_external_call_results(), which iterates over the result types. For Type::Array results, it delegates to allocate_foreign_call_result_array() to recursively allocate memory on the heap for nested arrays.

The BrilligArray struct is the internal representation of a Noir array in Brillig IR. Its size field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by compute_array_length() in brillig_block_variables.rs:

pub(crate) fn compute_array_length(item_typ: &CompositeType, elem_count: usize) -> usize {
    item_typ.len() * elem_count
}

For the outer array, allocate_external_call_results() correctly uses define_variable(), which internally calls allocate_value_with_type(). This function applies the formula above, producing the correct semi-flattened size.

However, for nested arrays, allocate_foreign_call_result_array() contains a bug. When it encounters a nested Type::Array(types, nested_size), it calls:

Type::Array(_, nested_size) => { 
    let inner_array = self.brillig_context.allocate_brillig_array(*nested_size as usize);
    // ....
}

The pattern Type::Array(_, nested_size) discards the inner types with _ and uses only nested_size, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Consider a nested array of type [(u32, u32); 3]:

  • Semantic length: 3 (three tuples)
  • Element size: 2 (each tuple has two fields)
  • Required semi-flattened size: 6 memory slots

The current code passes 3 to allocate_brillig_array(), which then calls codegen_initialize_array(). This function allocates array.size + ARRAY_META_COUNT slots, only 4 slots instead of the required 7 (6 data + 1 metadata). When the VM executes the foreign call and writes 6 values plus metadata, it overwrites adjacent heap memory.

Impact

Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap.

Recommendation

Multiply the semantic length by the number of element types when allocating nested arrays. Extract the inner types from the pattern and replace the nested_size argument to allocate_brillig_array() with types.len() * nested_size to compute the semi-flattened size. Alternatively, reuse the existing compute_array_length() helper function to maintain consistency with outer array allocation.

Severity ?
9.3 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0-beta.18"
      },
      "package": {
        "ecosystem": "crates.io",
        "name": "brillig"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.0-beta.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-41197"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-21T20:16:09Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "## Description\n\nNoir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`.\n\nBefore emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays.\n\nThe `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the **semi-flattened size**, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`:\n\n```rust\npub(crate) fn compute_array_length(item_typ: \u0026CompositeType, elem_count: usize) -\u003e usize {\n    item_typ.len() * elem_count\n}\n```\n\nFor the **outer** array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size.\n\nHowever, for **nested** arrays, `allocate_foreign_call_result_array()` contains a bug. When it encounters a nested `Type::Array(types, nested_size)`, it calls:\n\n```rust\nType::Array(_, nested_size) =\u003e { \n\tlet inner_array = self.brillig_context.allocate_brillig_array(*nested_size as usize);\n\t// ....\n}\n```\n\nThe pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the **semantic length** of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Consider a nested array of type `[(u32, u32); 3]`:\n\n-   Semantic length: 3 (three tuples)\n-   Element size: 2 (each tuple has two fields)\n-   Required semi-flattened size: 6 memory slots\n    \n\nThe current code passes `3` to `allocate_brillig_array()`, which then calls `codegen_initialize_array()`. This function allocates `array.size + ARRAY_META_COUNT` slots, only 4 slots instead of the required 7 (6 data + 1 metadata). When the VM executes the foreign call and writes 6 values plus metadata, it overwrites adjacent heap memory.\n\n## Impact\n\nForeign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap.\n\n## Recommendation\n\nMultiply the semantic length by the number of element types when allocating nested arrays. Extract the inner types from the pattern and replace the `nested_size` argument to `allocate_brillig_array()` with `types.len() * nested_size` to compute the semi-flattened size. Alternatively, reuse the existing `compute_array_length()` helper function to maintain consistency with outer array allocation.",
  "id": "GHSA-jj7c-x25r-r8r3",
  "modified": "2026-04-21T20:16:09Z",
  "published": "2026-04-21T20:16:09Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/noir-lang/noir/security/advisories/GHSA-jj7c-x25r-r8r3"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/noir-lang/noir"
    },
    {
      "type": "WEB",
      "url": "https://github.com/noir-lang/noir/releases/tag/v1.0.0-beta.19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Brillig: Heap corruption in foreign call results with nested tuple arrays"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.