[Runtime] Fix MultiPayloadEnumFN case in swift_resolve_resilientAccessors

rdar://112825968

Offsets were wrong, causing invalid memory accesses

Author: drexin

stdlib/public/runtime/BytecodeLayouts.cpp

@@ -1075,11 +1075,14 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
       writer.writeBytes(getEnumTag);
 
       size_t numCases = reader.readBytes<size_t>();
-      // skip ref count bytes
+      auto refCountBytes = reader.readBytes<size_t>();
+
+      // skip enum size
       reader.skip(sizeof(size_t));
 
-      size_t casesBeginOffset =
-          layoutStrOffset + reader.offset + (numCases * sizeof(size_t));
+      size_t casesBeginOffset = layoutStrOffset + reader.offset +
+                                layoutStringHeaderSize +
+                                (numCases * sizeof(size_t));
 
       for (size_t j = 0; j < numCases; j++) {
         size_t caseOffset = reader.readBytes<size_t>();
@@ -1090,6 +1093,7 @@ void swift::swift_resolve_resilientAccessors(uint8_t *layoutStr,
                                          casesBeginOffset + caseOffset,
                                          caseLayoutString, fieldType);
       }
+      reader.skip(refCountBytes);
       break;
     }
 

stdlib/public/runtime/Metadata.cpp

@@ -2822,8 +2822,9 @@ void swift::_swift_addRefCountStringForMetatype(LayoutStringWriter &writer,
              reader.layoutStr + layoutStringHeaderSize, fieldRefCountBytes);
 
       if (fieldFlags & LayoutStringFlags::HasRelativePointers) {
-        swift_resolve_resilientAccessors(writer.layoutStr, writer.offset,
-                                         reader.layoutStr, fieldType);
+        swift_resolve_resilientAccessors(
+            writer.layoutStr, writer.offset,
+            reader.layoutStr + layoutStringHeaderSize, fieldType);
       }
 
       if (offset) {