…t-of-bounds

…s read&write

…onfusion - 360Vulcan

…n a split scope (a function has both a param and body scope), then it is required that the body and param scope are marked as both requiring either a scope object or a scope slot. This was not being enforced in Scope::SetIsObject(). This led to an AV in the interpreter when accessing a property because StLocalSlot was used instead of StLocalObjSlot.

…romise result

    I also added mitigations for bad things that can happen when calling into a closed script context.
    1. We delete xdata before unregistering it, which can lead to UAF if we call address of a closed function. Windows Exception code unconditionally jumps to handler address (i.e. without CFG check), so this can bypass CFG. I changed to delete after unregistering.
    2. We zero code pages when we close script context, which could be exploitable on x86. I changed to fill with debugbreak.