Brillig: Heap corruption in foreign call results with nested tuple arrays
Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in BrilligBlock::compile_block(). When the compiler encounters an Instruction::Call with a Value::ForeignFunction target, it invokes codegen_call() in brillig_call/code_gen_call.rs, which dispatches to convert_ssa_foreign_call(). Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through allocate_external_call_results(), which iterates over the result types. …