Fix panic with out-of-bounds flags in Value (bytecodealliance#13015)

This commit fixes a panic when a component model `Value` is lifted from
a flags value which specifies out-of-bounds bits as 1. This is specified
in the component model to ignore the out-of-bounds bits, which `flags!`
correctly did (and thus `bindgen!`), but `Value` treated out-of-bounds
bits as a panic due to indexing an array.

Author: alexcrichton

crates/wasmtime/src/runtime/component/values.rs

@@ -1142,7 +1142,7 @@ fn lower_map<T>(
 }
 
 fn push_flags(ty: &TypeFlags, flags: &mut Vec<String>, mut offset: u32, mut bits: u32) {
-    while bits > 0 {
+    while bits > 0 && usize::try_from(offset).unwrap() < ty.names.len() {
         if bits & 1 != 0 {
             flags.push(ty.names[offset as usize].clone());
         }

tests/all/component_model/dynamic.rs

@@ -1237,3 +1237,72 @@ fn introspection() -> Result<()> {
     );
     Ok(())
 }
+
+#[test]
+fn flags_beyond_end() -> Result<()> {
+    let engine = super::engine();
+
+    let component = Component::new(
+        &engine,
+        r#"
+            (component
+                (type $f' (flags "a" "b"))
+                (export $f "f" (type $f'))
+
+                (core module $m
+                    (func (export "r") (param i32) (result i32) local.get 0)
+                )
+                (core instance $i (instantiate $m))
+                (func (export "run") (param "x" u32) (result $f)
+                    (canon lift (core func $i "r")))
+            )
+        "#,
+    )?;
+    let mut store = Store::new(&engine, ());
+    let instance = Linker::new(&engine).instantiate(&mut store, &component)?;
+    let run = instance.get_func(&mut store, "run").unwrap();
+
+    let mut output = [Val::Bool(false)];
+    run.call(&mut store, &[Val::U32(0)], &mut output)?;
+    assert_eq!(output[0], Val::Flags(vec![]));
+
+    let mut output = [Val::Bool(false)];
+    run.call(&mut store, &[Val::U32(1)], &mut output)?;
+    assert_eq!(output[0], Val::Flags(vec!["a".to_string()]));
+
+    let mut output = [Val::Bool(false)];
+    run.call(&mut store, &[Val::U32(2)], &mut output)?;
+    assert_eq!(output[0], Val::Flags(vec!["b".to_string()]));
+
+    let mut output = [Val::Bool(false)];
+    run.call(&mut store, &[Val::U32(3)], &mut output)?;
+    assert_eq!(
+        output[0],
+        Val::Flags(vec!["a".to_string(), "b".to_string()])
+    );
+    let mut output = [Val::Bool(false)];
+
+    run.call(&mut store, &[Val::U32(4)], &mut output)?;
+    assert_eq!(output[0], Val::Flags(vec![]));
+
+    run.call(&mut store, &[Val::U32(5)], &mut output)?;
+    assert_eq!(output[0], Val::Flags(vec!["a".to_string()]));
+
+    wasmtime::component::flags! {
+        F {
+            #[component(name = "a")]
+            const A;
+            #[component(name = "b")]
+            const B;
+        }
+    }
+
+    let run = instance.get_typed_func::<(u32,), (F,)>(&mut store, "run")?;
+    assert_eq!(run.call(&mut store, (0,))?, (F::empty(),));
+    assert_eq!(run.call(&mut store, (1,))?, (F::A,));
+    assert_eq!(run.call(&mut store, (2,))?, (F::B,));
+    assert_eq!(run.call(&mut store, (3,))?, (F::A | F::B,));
+    assert_eq!(run.call(&mut store, (4,))?, (F::empty(),));
+    assert_eq!(run.call(&mut store, (5,))?, (F::A,));
+    Ok(())
+}