tlv: guard tlv_value_get() loop against NULL from tlv_next()

Add 'tlv &&' to the while-loop condition in tlv_value_get().
tlv_next() returns NULL on malformed TLV (length not a multiple of 4).
The existing condition '(uint32_t)tlv < end_addr' does not catch NULL,
causing a NULL dereference on the next iteration.

This is reachable from host IPC via copier_host_create() which parses
optional TLV data appended to the copier module configuration blob.

Signed-off-by: Adrian Bonislawski <adrian.bonislawski@intel.com>

Author: abonislawski

src/include/sof/tlv.h

@@ -91,7 +91,7 @@ static inline void tlv_value_get(const void *data,
 	const struct sof_tlv *tlv = (const struct sof_tlv *)data;
 	const uint32_t end_addr = (uint32_t)data + size;
 
-	while ((uint32_t)tlv < end_addr) {
+	while (tlv && (uint32_t)tlv < end_addr) {
 		if (tlv->type == type) {
 			*value = (void *)tlv->value;
 			*length = tlv->length;