Wren Language Out-of-Bounds Read Vulnerability in Compiler
Vulnerability
A global buffer overflow vulnerability has been identified in the Wren programming language compiler, specifically in versions up to 0.4.0. The issue arises in the 'emitOp' function within 'src/vm/wren_compiler.c', where the global 'stackEffects' array is accessed using an invalid opcode index, leading to an out-of-bounds read. This vulnerability can be exploited locally, and a proof-of-concept exploit is available.
Impact
Exploitation of this vulnerability causes a global buffer overflow, where the program reads data past the end of the 'stackEffects' array. This type of memory corruption can potentially be exploited to execute arbitrary code or cause a program crash.
Reproduction
The vulnerability can be reproduced by building the Wren compiler with release optimization and AddressSanitizer (ASan) enabled. Once it is built, the 'harness' program is used to run the compiler on a crafted input file that triggers the out-of-bounds read. The ASan report flags the global buffer overflow, confirming the vulnerability.
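The indexing pattern described above, reduced to a self-contained model and shown next to a bounds-checked lookup. This is an added example, not Wren's source: the opcode names, the four-entry table and the helper functions are hypothetical, and only the name stackEffects comes from the advisory.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical reduced opcode set; OP_COUNT is the number of valid opcodes. */
typedef enum { OP_CONST, OP_POP, OP_ADD, OP_RETURN, OP_COUNT } Op;

/* Net stack-slot change per opcode, indexed by opcode value (assumed values). */
static const int stackEffects[] = { 1, -1, -1, 0 };

/* Compile-time guard: the table and the enum cannot drift apart. */
_Static_assert(sizeof(stackEffects) / sizeof(stackEffects[0]) == OP_COUNT,
               "stackEffects needs one entry per opcode");

/* Unchecked pattern: any op outside 0..OP_COUNT-1 reads past the global array. */
static int effectUnchecked(int op) { return stackEffects[op]; }

/* Hardened lookup: validate the index first. Returns 0 on success, -1 if invalid. */
static int effectChecked(int op, int *out)
{
  if (op < 0 || op >= OP_COUNT) return -1;
  *out = stackEffects[op];
  return 0;
}

/* Walk an opcode stream and return the stack high-water mark,
   or -1 on an invalid opcode or a stack underflow. */
static int maxSlots(const int *ops, size_t n)
{
  int cur = 0, max = 0;
  for (size_t i = 0; i < n; i++) {
    int effect;
    if (effectChecked(ops[i], &effect) != 0) return -1;
    cur += effect;
    if (cur < 0) return -1;
    if (cur > max) max = cur;
  }
  return max;
}

int main(void)
{
  int good[] = { OP_CONST, OP_CONST, OP_ADD, OP_RETURN }; /* constructed input */
  int bad[] = { OP_CONST, 200 }; /* constructed: 200 is not a valid opcode */
  printf("unchecked, valid opcode: %d\n", effectUnchecked(OP_ADD));
  printf("good stream: %d\n", maxSlots(good, 4));
  printf("bad stream: %d\n", maxSlots(bad, 2));
  return 0;
}
```

Built with ASan, passing an out-of-range value to effectUnchecked produces the same class of global-buffer-overflow report the reproduction section describes, while the checked path rejects the opcode before the table is touched.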
