Describe the bug
Lack of size checks on blobs or topology state.
E.g.

• comp_dev_get_first_data_* missing nullity checks
• comp_get_data_blob not checking the size params
• Not checking both upper and lower bounds on init data

To Reproduce
fuzz

Reproduction Rate
high

Expected behavior
robust code

Impact
security

Possible long term fix
Algebraic typing (RUST!)

Short term fixes
Some sort of checks on special functions we know are misused using CI tooling