Fix GetSpanDataFrom (#63306)

- GC Protect the type parameter
- set data to value before asserting that it isn't NULL

Fixes #62285

Co-authored-by: Jan Kotas <jkotas@microsoft.com>
Co-authored-by: Aaron Robinson <arobins@microsoft.com>

src/coreclr/classlibnative/bcltype/arraynative.cpp

@@ -1154,23 +1154,25 @@ FCIMPL2_IV(void, ArrayNative::InitializeArray, ArrayBase* pArrayRef, FCALLRuntim
 }
 FCIMPLEND
 
-FCIMPL3(void*, ArrayNative::GetSpanDataFrom, FCALLRuntimeFieldHandle structField, FCALLRuntimeTypeHandle targetType, INT32* count)
+FCIMPL3_VVI(void*, ArrayNative::GetSpanDataFrom, FCALLRuntimeFieldHandle structField, FCALLRuntimeTypeHandle targetTypeUnsafe, INT32* count)
 {
     FCALL_CONTRACT;
     struct
     {
         REFLECTFIELDREF refField;
+        REFLECTCLASSBASEREF refClass;
     } gc;
     gc.refField = (REFLECTFIELDREF)ObjectToOBJECTREF(FCALL_RFH_TO_REFLECTFIELD(structField));
+    gc.refClass = (REFLECTCLASSBASEREF)ObjectToOBJECTREF(FCALL_RTH_TO_REFLECTCLASS(targetTypeUnsafe));
     void* data;
-    HELPER_METHOD_FRAME_BEGIN_RET_1(gc);
+    HELPER_METHOD_FRAME_BEGIN_RET_PROTECT(gc);
 
     FieldDesc* pField = (FieldDesc*)gc.refField->GetField();
 
     if (!pField->IsRVA())
         COMPlusThrow(kArgumentException);
 
-    TypeHandle targetTypeHandle = FCALL_RTH_TO_REFLECTCLASS(targetType)->GetType();
+    TypeHandle targetTypeHandle = gc.refClass->GetType();
     if (!CorTypeInfo::IsPrimitiveType(targetTypeHandle.GetSignatureCorElementType()) && !targetTypeHandle.IsEnum())
         COMPlusThrow(kArgumentException);
 
@@ -1180,8 +1182,9 @@ FCIMPL3(void*, ArrayNative::GetSpanDataFrom, FCALLRuntimeFieldHandle structField
     // Report the RVA field to the logger.
     g_IBCLogger.LogRVADataAccess(pField);
 
-    _ASSERTE(data != NULL && count != NULL);
     data = pField->GetStaticAddressHandle(NULL);
+    _ASSERTE(data != NULL);
+    _ASSERTE(count != NULL);
 
     if (AlignUp((UINT_PTR)data, targetTypeSize) != (UINT_PTR)data)
         COMPlusThrow(kArgumentException);

src/coreclr/classlibnative/bcltype/arraynative.h

@@ -48,7 +48,7 @@ class ArrayNative
 
     // This method will acquire data to create a span from a TypeHandle
     // to a field.
-    static FCDECL3(void*, GetSpanDataFrom, FCALLRuntimeFieldHandle structField, FCALLRuntimeTypeHandle targetType, INT32* count);
+    static FCDECL3_VVI(void*, GetSpanDataFrom, FCALLRuntimeFieldHandle structField, FCALLRuntimeTypeHandle targetTypeUnsafe, INT32* count);
 
 private:
     // Helper for CreateInstance

src/tests/issues.targets

@@ -57,9 +57,6 @@
         <ExcludeList Include="$(XUnitTestBinBase)/JIT/HardwareIntrinsics/X86/X86Base/Pause*/**">
             <Issue>https://github.com/dotnet/runtime/issues/62423</Issue>
         </ExcludeList>
-        <ExcludeList Include = "$(XunitTestBinBase)/JIT/Intrinsics/CreateSpan_il/*">
-            <Issue>https://github.com/dotnet/runtime/issues/62285</Issue>
-        </ExcludeList>
         <ExcludeList Include="$(XunitTestBinBase)/Loader/binding/tracing/BinderTracingTest.Basic/*">
             <Issue>https://github.com/dotnet/runtime/issues/57786</Issue>
         </ExcludeList>