Prevent precompute of stringview_wtf16.slice splitting unicode codepoints. (#7320)

Author: rluble

src/wasm-interpreter.h

@@ -2273,6 +2273,20 @@ class ExpressionRunner : public OverriddenVisitor<SubType, Flow> {
 
     Literals contents;
     if (endVal > startVal) {
+      // Check that the slice is valid; since we can assume that we have a valid
+      // UTF-16, we only need to check that it did not split surrgate pairs.
+      auto firstChar = refValues[startVal].getInteger();
+      if (firstChar >= 0xDC00 && firstChar <= 0xDFFF) {
+        // The first char cannot be a low surrogate.
+        return Flow(NONCONSTANT_FLOW);
+      }
+
+      auto lastChar = refValues[endVal - 1].getInteger();
+      if (lastChar >= 0xD800 && lastChar <= 0xDBFF) {
+        // The last char cannot be a high surrogate.
+        return Flow(NONCONSTANT_FLOW);
+      }
+
       contents.reserve(endVal - startVal);
       for (size_t i = startVal; i < endVal; i++) {
         if (i < refValues.size()) {

test/lit/passes/precompute-strings.wast

@@ -26,6 +26,10 @@
 
  ;; CHECK:      (export "slice-unicode" (func $slice-unicode))
 
+ ;; CHECK:      (export "slice-invalid-unicode-end" (func $slice-invalid-unicode-end))
+
+ ;; CHECK:      (export "slice-invalid-unicode-begin" (func $slice-invalid-unicode-begin))
+
  ;; CHECK:      (func $eq-no (type $0) (result i32)
  ;; CHECK-NEXT:  (i32.const 0)
  ;; CHECK-NEXT: )
@@ -225,6 +229,39 @@
   )
  )
 
+ ;; CHECK:      (func $slice-invalid-unicode-end (type $2) (result (ref string))
+ ;; CHECK-NEXT:  (stringview_wtf16.slice
+ ;; CHECK-NEXT:   (string.const "a\f0\90\8d\86b")
+ ;; CHECK-NEXT:   (i32.const 0)
+ ;; CHECK-NEXT:   (i32.const 2)
+ ;; CHECK-NEXT:  )
+ ;; CHECK-NEXT: )
+ (func $slice-invalid-unicode-end (export "slice-invalid-unicode-end") (result (ref string))
+  (stringview_wtf16.slice
+   ;; a𐍆b
+   (string.const "a\f0\90\8d\86b")
+   (i32.const 0)
+   (i32.const 2)
+  )
+ )
+
+ ;; CHECK:      (func $slice-invalid-unicode-begin (type $2) (result (ref string))
+ ;; CHECK-NEXT:  (stringview_wtf16.slice
+ ;; CHECK-NEXT:   (string.const "a\f0\90\8d\86b")
+ ;; CHECK-NEXT:   (i32.const 2)
+ ;; CHECK-NEXT:   (i32.const 4)
+ ;; CHECK-NEXT:  )
+ ;; CHECK-NEXT: )
+ (func $slice-invalid-unicode-begin (export "slice-invalid-unicode-begin") (result (ref string))
+  (stringview_wtf16.slice
+   ;; a𐍆b
+   (string.const "a\f0\90\8d\86b")
+   (i32.const 2)
+   (i32.const 4)
+  )
+ )
+
+
  ;; CHECK:      (func $string.new-mutable (type $3) (result anyref)
  ;; CHECK-NEXT:  (string.new_wtf16_array
  ;; CHECK-NEXT:   (array.new_fixed $array16 4