[wasm] Fix WasmCodeRefScope use after free

Close WasmCodeRefScope before we potentially free the native module in
UpdateNativeModuleCache.

R=clemensb@chromium.org

Bug: chromium:1062868
Change-Id: I7cd11fd2283a2cc399d05e32c609ff1af07e2706
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2113380
Commit-Queue: Thibaud Michaud <thibaudm@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#66829}

src/wasm/wasm-serialization.cc

@@ -481,6 +481,7 @@ bool NativeModuleDeserializer::Read(Reader* reader) {
   if (!ReadHeader(reader)) return false;
   uint32_t total_fns = native_module_->num_functions();
   uint32_t first_wasm_fn = native_module_->num_imported_functions();
+  WasmCodeRefScope wasm_code_ref_scope;
   for (uint32_t i = first_wasm_fn; i < total_fns; ++i) {
     if (!ReadCode(i, reader)) return false;
   }
@@ -627,8 +628,6 @@ MaybeHandle<WasmModuleObject> DeserializeNativeModule(
         OwnedVector<uint8_t>::Of(wire_bytes_vec));
 
     NativeModuleDeserializer deserializer(shared_native_module.get());
-    WasmCodeRefScope wasm_code_ref_scope;
-
     Reader reader(data + WasmSerializer::kHeaderSize);
     bool error = !deserializer.Read(&reader);
     wasm_engine->UpdateNativeModuleCache(error, &shared_native_module, isolate);