
ubsan fixes#138

Open
vanhauser-thc wants to merge 1 commit into codeplea:master from vanhauser-thc:master

Conversation

@vanhauser-thc

Hi,

In a workshop where I did an introduction to fuzzing we did a hands-on with your library.
It surfaced three bugs: two incorrect nan checks and a size issue.

The size issue I did not understand :-) This is what the AI said about this:

  te_expr uses a struct-hack flexible array void *parameters[1]. For
  zero-arity nodes (TE_CONSTANT, TE_VARIABLE, TE_FUNCTION0, and the error
  node), new_expr computes size = (sizeof(te_expr) - sizeof(void*)) + 0 = 16
  bytes — smaller than sizeof(te_expr) (24). Because the harness links ASan and
  UBSan together, UBSan queries ASan's allocator, sees the 16-byte heap object
  is smaller than a full te_expr, and flags ret->type = type (line 98) as UB.
  Since nearly every expression contains a constant, it crashes immediately.

So here you go, these are fixes for the three issues.

If you want I can add the fuzzing harness + script.
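As an added illustration of the size issue quoted above (this is not tinyexpr's code and not the patch in this PR): a node laid out as the description says, the size formula it quotes, and one conservative way to keep zero-arity nodes at least sizeof(te_expr). The union member names, `new_expr_fixed` and the clamp-to-struct-size fix are assumptions made for the example.

```c
/* Added example, not tinyexpr's own code.  Models the struct-hack node
 * from the PR description; union member names are assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct te_expr {
    int type;
    union { double value; const double *bound; const void *function; };
    void *parameters[1];   /* struct hack: really `arity` entries follow */
} te_expr;

/* The size computation as quoted in the PR: header minus the one-element
 * array, plus one pointer per child.  For arity 0 this is smaller than
 * sizeof(te_expr), so the heap object cannot hold a complete node and
 * UBSan reports the first member store (ret->type = type). */
size_t buggy_size(int arity) {
    return (sizeof(te_expr) - sizeof(void *)) + sizeof(void *) * (size_t)arity;
}

/* Conservative fix (an assumption here, not necessarily the PR's patch):
 * never allocate less than a whole te_expr; the tail still grows with arity. */
size_t fixed_size(int arity) {
    size_t size = buggy_size(arity);
    return size < sizeof(te_expr) ? sizeof(te_expr) : size;
}

/* Allocate with the corrected size; every member write is now in bounds. */
te_expr *new_expr_fixed(int type, int arity, te_expr *const *children) {
    te_expr *ret = calloc(1, fixed_size(arity));
    if (!ret) return NULL;
    if (arity && children)
        memcpy(ret->parameters, children, sizeof(void *) * (size_t)arity);
    ret->type = type;
    return ret;
}

/* Build a zero-arity node, read back its tag, and free it. */
int zero_arity_type_roundtrip(int type) {
    te_expr *e = new_expr_fixed(type, 0, NULL);
    if (!e) return -1;
    int got = e->type;
    free(e);
    return got;
}

int main(void) {
    printf("sizeof(te_expr)=%zu buggy(0)=%zu fixed(0)=%zu buggy(2)=%zu\n",
           sizeof(te_expr), buggy_size(0), fixed_size(0), buggy_size(2));
    return zero_arity_type_roundtrip(7) == 7 ? 0 : 1;
}
```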
