Fixes #5950 - path to fromCodePoint in JIT now throws range error on large input

Author: wyrichte

lib/Runtime/Base/CharStringCache.cpp

@@ -78,10 +78,19 @@ using namespace Js;
     {
         Assert(c >= 0x10000);
         CompileAssert(sizeof(char16) * 2 == sizeof(codepoint_t));
+
+        ScriptContext* scriptContext = JavascriptLibrary::FromCharStringCache(this)->GetScriptContext();
+
+        // #sec - string.fromcodepoint: "If nextCP < 0 or nextCP > 0x10FFFF, throw a RangeError exception"
+        if (c > 0x10FFFF)
+        {
+            JavascriptError::ThrowRangeError(scriptContext, JSERR_InvalidCodePoint, scriptContext->GetIntegerString(c));
+        }
+
         char16 buffer[2];
 
         Js::NumberUtilities::CodePointAsSurrogatePair(c, buffer, buffer + 1);
-        JavascriptString* str = JavascriptString::NewCopyBuffer(buffer, 2, JavascriptLibrary::FromCharStringCache(this)->GetScriptContext());
+        JavascriptString* str = JavascriptString::NewCopyBuffer(buffer, 2, scriptContext);
         // TODO: perhaps do some sort of cache for supplementary characters
         return str;
     }

test/Strings/fromCodePoint.js

@@ -0,0 +1,18 @@
+//-------------------------------------------------------------------------------------------------------
+// Copyright (C) Microsoft. All rights reserved.
+// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
+//-------------------------------------------------------------------------------------------------------
+
+function f() {
+    var var_0 = new Array(1024);
+    for (var var_1 = 0; ; var_1 += 1024) {
+        var_0[var_1] = String.fromCodePoint(var_1);
+    }
+}
+
+try {
+    f();
+}
+catch(e) {
+    WScript.Echo("pass");
+}

test/Strings/rlexe.xml

@@ -12,6 +12,11 @@
       <baseline>fromCharCode.baseline</baseline>
     </default>
   </test>
+  <test>
+    <default>
+      <files>fromCodePoint.js</files>
+    </default>
+  </test>
   <test>
     <default>
       <files>charCodeAt.js</files>