Fix TypedArray.wrap bounds checks (#1067)

Author: MaxGraey

std/assembly/typedarray.ts

@@ -1734,27 +1734,26 @@ function REVERSE<TArray extends ArrayBufferView, T>(array: TArray): TArray {
 // @ts-ignore: decorator
 @inline
 function WRAP<TArray extends ArrayBufferView, T>(buffer: ArrayBuffer, byteOffset: i32 = 0, length: i32 = -1): TArray {
+  var byteLength: i32;
   var bufferByteLength = buffer.byteLength;
-  if (<u32>byteOffset >= <u32>bufferByteLength) {
+  const mask = sizeof<T>() - 1;
+  if (i32(<u32>byteOffset > <u32>bufferByteLength) | (byteOffset & mask)) {
     throw new RangeError(E_INDEXOUTOFRANGE);
   }
-  var byteLength: i32;
   if (length < 0) {
     if (length == -1) {
-      const mask = <i32>(1 << alignof<T>() - 1);
-      if (buffer.byteLength & mask) {
+      if (bufferByteLength & mask) {
         throw new RangeError(E_INVALIDLENGTH);
-      } else {
-        byteLength = buffer.byteLength;
       }
+      byteLength = bufferByteLength - byteOffset;
     } else {
       throw new RangeError(E_INVALIDLENGTH);
     }
   } else {
     byteLength = length << alignof<T>();
-  }
-  if (byteOffset + byteLength > buffer.byteLength) {
-    throw new RangeError(E_INVALIDLENGTH);
+    if (byteOffset + byteLength > bufferByteLength) {
+      throw new RangeError(E_INVALIDLENGTH);
+    }
   }
   var out = __alloc(offsetof<TArray>(), idof<TArray>());
   store<usize>(out, __retain(changetype<usize>(buffer)), offsetof<TArray>("buffer"));