Fix the type of reused RefFunc in Precompute (#6976)

When we precompute something, we try to avoid allocating a new copy. That's important to
avoid many allocations each time we run Precompute - otherwise, each time we see a br
we'd allocate a fresh one, and for its values. But we had a bug where we reused a RefFunc
as the value of a br without updating the type. It's actually tricky to reach a situation where
we find a RefFunc to reuse and it is different from the actual one we want, but the fuzzer
found one.

Fixes the fuzz bug reported on #6845 (but unrelated to that PR).

1 files changed, 2 insertions, 1 deletions

diff --git a/src/passes/Precompute.cpp b/src/passes/Precompute.cpp
index 709fd7d3d..0fc0753ae 100644
--- a/src/passes/Precompute.cpp
+++ b/src/passes/Precompute.cpp
@@ -298,7 +298,8 @@ struct Precompute
                    singleValue.type.getHeapType().isSignature()) {
           if (auto* r = curr->value->template dynCast<RefFunc>()) {
             r->func = singleValue.getFunc();
-            r->finalize();
+            auto heapType = getModule()->getFunction(r->func)->type;
+            r->finalize(Type(heapType, NonNullable));
             curr->finalize();
             return;
           }