Fix for a potential inifite loop in PrepareToReadVendorReservedElements

When scanning up through the elements in search of a Vendor Reserved
element, `PrepareToReadVendorReser` would call `mTlvReader.Next()`
inside a `while (true)` loop.  Should the `TLVReader::Next()` return
an error other than `END_OF_TLV` the loop reader would neither advance
nor exit the loop.  The change exits the function on any way in a way
that parallels the earlier error checks on TLVReader errors.

src/credentials/DeviceAttestationVendorReserved.h

@@ -62,6 +62,8 @@ class DeviceAttestationVendorReservedDeconstructor
                 break;
             }
 
+            ReturnErrorOnFailure(err);
+
             TLV::Tag tag = mTlvReader.GetTag();
             if (!TLV::IsContextTag(tag))
                 break;

src/credentials/tests/TestDeviceAttestationConstruction.cpp

@@ -500,6 +500,32 @@ static void TestAttestationElements_DeconstructionUnordered(nlTestSuite * inSuit
     NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_UNEXPECTED_TLV_ELEMENT);
 }
 
+static void TestAttestationElements_DeconstructionCorruptedTLV(nlTestSuite * inSuite, void * inContext)
+{
+    CHIP_ERROR err = CHIP_NO_ERROR;
+    using chip::FormatCHIPError;
+
+    // last element in the TLV 0x30 0x10 0x37 is engineered to generate a TLV
+    // underrun error -- the element claims to be an octet string with a length
+    // of 0x37 bytes but no data is actually present
+    constexpr uint8_t attestationElementsCorruptedTLVTestVector[] = {
+        0x15, 0x30, 0x01, 0x70, 0xd2, 0x84, 0x4b, 0xa2, 0x01, 0x26, 0x04, 0x46, 0x63, 0x73, 0x61, 0x63, 0x64, 0x30, 0xa0,
+        0x58, 0x1d, 0x15, 0x25, 0x01, 0x88, 0x99, 0x25, 0x02, 0xfe, 0xff, 0x25, 0x03, 0xd2, 0x04, 0x25, 0x04, 0x2e, 0x16,
+        0x24, 0x05, 0xaa, 0x25, 0x06, 0xde, 0xc0, 0x25, 0x07, 0x94, 0x26, 0x18, 0x58, 0x40, 0x96, 0x57, 0x2d, 0xd6, 0x3c,
+        0x03, 0x64, 0x0b, 0x28, 0x67, 0x02, 0xbd, 0x6b, 0xba, 0x48, 0xac, 0x7c, 0x83, 0x54, 0x9b, 0x68, 0x73, 0x29, 0x47,
+        0x48, 0xb9, 0x51, 0xd5, 0xab, 0x66, 0x62, 0x2e, 0x9d, 0x26, 0x10, 0x41, 0xf8, 0x0e, 0x97, 0x49, 0xfe, 0xff, 0x78,
+        0x10, 0x02, 0x49, 0x67, 0xae, 0xdf, 0x41, 0x38, 0x36, 0x5b, 0x0a, 0x22, 0x57, 0x14, 0x9c, 0x9a, 0x12, 0x3e, 0x0d,
+        0x30, 0xaa, 0x30, 0x02, 0x20, 0xe0, 0x42, 0x1b, 0x91, 0xc6, 0xfd, 0xcd, 0xb4, 0x0e, 0x2a, 0x4d, 0x2c, 0xf3, 0x1d,
+        0xb2, 0xb4, 0xe1, 0x8b, 0x41, 0x1b, 0x1d, 0x3a, 0xd4, 0xd1, 0x2a, 0x9d, 0x90, 0xaa, 0x8e, 0x52, 0xfa, 0xe2, 0x26,
+        0x03, 0xfd, 0xc6, 0x5b, 0x28, 0x30, 0x10, 0x37
+    };
+
+    DeviceAttestationVendorReservedDeconstructor vendorReserved;
+    size_t count = 2;
+    err = vendorReserved.PrepareToReadVendorReservedElements(ByteSpan(attestationElementsCorruptedTLVTestVector), count);
+    NL_TEST_ASSERT(inSuite, err == CHIP_ERROR_TLV_UNDERRUN);
+}
+
 static void TestNocsrElements_Construction(nlTestSuite * inSuite, void * inContext)
 {
     static constexpr uint8_t kNocsrNonce[32] = {
@@ -644,6 +670,7 @@ static const nlTest sTests[] = {
     NL_TEST_DEF("Test Vendor Reserved Data Ordering", TestVendorReservedData),
     NL_TEST_DEF("Test Device Attestation Elements Deconstruction with Firmware Information", TestAttestationElements_DeconstructionWithFirmwareInfo),
     NL_TEST_DEF("Test Device Attestation Elements Deconstruction - Corrupted/Out of Order TLV", TestAttestationElements_DeconstructionUnordered),
+    NL_TEST_DEF("Test Device Attestation Elements Deconstruction - Corrupted TLV -- vendor reserved elements", TestAttestationElements_DeconstructionCorruptedTLV),
     NL_TEST_DEF("Test Device Attestation Elements Deconstruction - No vendor reserved", TestAttestationElements_DeconstructionNoVendorReserved),
     NL_TEST_DEF("Test Device NOCSR Elements Construction", TestNocsrElements_Construction),
     NL_TEST_DEF("Test Device NOCSR Elements Deconstruction", TestNocsrElements_Deconstruction),