common/bolt12: fix tlv_span() behaviour with empty tlvstream

Changelog-Fixed: When `tlv_span()` receives an empty `tlvsteam`,
it sets the value of `startp` to `start` - `tlvstream` =
`NULL` - `tlvstream` where `tlvstream` is a pointer.

Similarly, `end` can also become `NULL` when `fromwire_bigsize()`
reads to the end of `cursor` and then sets `cursor` = `NULL`
resulting in the same error.

Since this is undefined behaviour, add a fix for it by correcting
the initial value of `end` and guarding against `cursor` = `NULL`.

Author: Chandra Pratap

common/bolt12.c

@@ -613,16 +613,26 @@ size_t tlv_span(const u8 *tlvstream, u64 minfield, u64 maxfield,
 	size_t tlvlen = tal_bytelen(tlvstream);
 	const u8 *start, *end;
 
-	start = end = NULL;
+	start = NULL;
+	end = tlvstream;
 	while (tlvlen) {
 		const u8 *before = cursor;
 		bigsize_t type = fromwire_bigsize(&cursor, &tlvlen);
+		if (!cursor)
+			break;
+
 		bigsize_t len = fromwire_bigsize(&cursor, &tlvlen);
+		if (!cursor)
+			break;
+
 		if (type >= minfield && start == NULL)
 			start = before;
 		if (type > maxfield)
 			break;
 		fromwire_pad(&cursor, &tlvlen, len);
+		if (!cursor)
+			break;
+
 		end = cursor;
 	}
 	if (!start)