UsdGeomSubset::GetUnassignedIndices should check the value of the elementCount.

[zomgrolf]

Description of Issue

This is a minor issue in UsdGeomSubset::GetUnassignedIndices: it does not check the value of the elementCount parameter against the total number of assigned indices, before using it to reserve the memory for the result array. If the elementCount is smaller than the total number of assigned indices, reserve gets called with a very big positive number, the allocation fails and the process crashes, trying to dereference the null pointer.

Of course, I can validate the input before calling GetUnassignedIndices, but that would require me to duplicate some of the work GetUnassignedIndices is going to do anyway (computing the size of the set indices that have been assigned), so it would be nice if GetUnassignedIndices could be a bit more defensive and guard against that scenario. If that's not feasible, a note in the docs documenting the preconditions would be nice.

OS: This can be observed on Windows 10, 64-bit. In my case it was 19.05, but the code in master is the same, so this should be reproducible in newer versions too.

Steps to Reproduce

1. Call UsdGeomSubset::GetUnassignedIndices with non-empty geom subsets and elementCount set to 0.

[jtran56]

Filed as internal issue #USD-5599.