pod: check that choices are not empty

Before using the contents of a choice, check that it is not empty to
avoid reading out of bounds.

spa/include/spa/debug/format.h

@@ -185,7 +185,7 @@ SPA_API_DEBUG_FORMAT int spa_debugc_format(struct spa_debug_context *ctx, int in
 		size = val->size;
 		vals = SPA_POD_BODY(val);
 
-		if (type < SPA_TYPE_None || type >= _SPA_TYPE_LAST)
+		if (type < SPA_TYPE_None || type >= _SPA_TYPE_LAST || n_vals < 1)
 			continue;
 
 		ti = spa_debug_type_find(info, prop->key);

spa/include/spa/pod/compare.h

@@ -117,6 +117,9 @@ SPA_API_POD_COMPARE int spa_pod_compare(const struct spa_pod *pod1,
 	if (pod1->type != pod2->type)
 		return -EINVAL;
 
+	if (n_vals1 < 1)
+		return -EINVAL; /* empty choice */
+
 	switch (pod1->type) {
 	case SPA_TYPE_Struct:
 	{

spa/include/spa/pod/filter.h

@@ -80,8 +80,13 @@ spa_pod_filter_prop(struct spa_pod_builder *b,
 	int res, n_copied = 0;
 
 	v1 = spa_pod_get_values(&p1->value, &nalt1, &p1c);
-	alt1 = SPA_POD_BODY(v1);
 	v2 = spa_pod_get_values(&p2->value, &nalt2, &p2c);
+
+	/* empty choices */
+	if (nalt1 < 1 || nalt2 < 1)
+		return -EINVAL;
+
+	alt1 = SPA_POD_BODY(v1);
 	alt2 = SPA_POD_BODY(v2);
 
 	type = v1->type;

spa/include/spa/pod/simplify.h

@@ -72,7 +72,7 @@ spa_pod_simplify_merge(struct spa_pod_builder *b, const struct spa_pod *pod1, co
 			vals1 = spa_pod_get_values(&p1->value, &n_vals1, &choice1);
 			vals2 = spa_pod_get_values(&p2->value, &n_vals2, &choice2);
 
-			if (vals1->type != vals2->type)
+			if (vals1->type != vals2->type || n_vals1 < 1 || n_vals2 < 1)
 				goto error_einval;
 
 			size = vals1->size;