runtime: ExcecutionEngineException when using StringBuilder on long strings

Description

This issue was originally reported to Visual Studio (https://developercommunity.visualstudio.com/t/Prevent-using-precompiled-images-in-de/10363031) because it seems to only reproduce when turning off precompiled images under the debugger.

Reproduction Steps

1. Create a simple dotnet 7 console application with the following code:

var count = 100000;
_ = string.Join(" ", Enumerable.Range(0, count).Select(_ => "Hello world!"));

1. In Visual Studio, turn on the option in Tools > Options > Debugging > General > “Prevent using precompiled images…”

2. Start debugging.

Expected behavior

The application runs to completion.

Actual behavior

Either an ArgumentOutOfRangeException or an ExecutionEngineException is thrown.

Regression?

No response

Known Workarounds

No response

Configuration

Using dotnet 7.0.5, and the latest dotnet 8 preview. Windows 11 x64

Other information

I think that it might be due to an overflow error while computing the length of the underlying span that is being used by the StringBuilder.

This repros in both dotnet 7, and dotnet 8 preview, though the location that the error is thrown from in dotnet 8 is different. I have heap dumps of the crashing processes in dotnet 7. I can make some for dotnet 8 if necessary as well.