Fix invalid iteration of empty override path

Found by OSS-Fuzz

Author: charles-lunarg

loader/loader.c

@@ -4250,9 +4250,13 @@ VkResult get_override_layer_override_paths(struct loader_instance *inst, struct
         for (uint32_t j = 0; j < prop->override_paths.count; j++) {
             copy_data_file_info(prop->override_paths.list[j], NULL, 0, &cur_write_ptr);
         }
+
+        // Subtract one from cur_write_ptr only if something was written so we can set the null terminator
+        if (*override_paths < cur_write_ptr) {
+            --cur_write_ptr;
+            assert(cur_write_ptr - (*override_paths) < (ptrdiff_t)override_path_size);
+        }
         // Remove the last path separator
-        --cur_write_ptr;
-        assert(cur_write_ptr - (*override_paths) < (ptrdiff_t)override_path_size);
         *cur_write_ptr = '\0';
         loader_log(inst, VULKAN_LOADER_WARN_BIT | VULKAN_LOADER_LAYER_BIT, 0, "Override layer has override paths set to %s",
                    *override_paths);

tests/framework/data/fuzz_test_minimized_test_cases/clusterfuzz-testcase-minimized-instance_enumerate_fuzzer-6740380288876544

@@ -212,6 +212,10 @@ TEST(BadJsonInput, ClusterFuzzTestCase_6465902356791296) {
     // Causes an integer overflow - instance_enumerate_fuzzer: Integer-overflow in parse_value
     execute_instance_enumerate_fuzzer("clusterfuzz-testcase-minimized-instance_enumerate_fuzzer-6465902356791296");
 }
+TEST(BadJsonInput, ClusterFuzzTestCase_6740380288876544) {
+    // Does crash with ASAN
+    execute_instance_enumerate_fuzzer("clusterfuzz-testcase-minimized-instance_enumerate_fuzzer-6740380288876544");
+}
 TEST(BadJsonInput, ClusterFuzzTestCase_4512865114259456) {
     // Does crash with UBSAN and ASAN
     // malloc(): invalid size (unsorted)