Check enable_environment for NULL before copying

The enable_environment was missing NULL pointer checks before trying to
copy the string. This issue was found by fuzz testing, so the fuzz test
has been included as a reproducible case.

Author: charles-lunarg

loader/loader.c

@@ -2744,7 +2744,8 @@ VkResult loader_read_layer_json(const struct loader_instance *inst, struct loade
         cJSON *enable_environment = loader_cJSON_GetObjectItem(layer_node, "enable_environment");
 
         // enable_environment is optional
-        if (enable_environment && enable_environment->child && enable_environment->child->type == cJSON_String) {
+        if (enable_environment && enable_environment->child && enable_environment->child->type == cJSON_String &&
+            enable_environment->child->string && enable_environment->child->valuestring) {
             result = loader_copy_to_new_str(inst, enable_environment->child->string, &(props.enable_env_var.name));
             if (VK_SUCCESS != result) goto out;
             result = loader_copy_to_new_str(inst, enable_environment->child->valuestring, &(props.enable_env_var.value));

tests/framework/data/fuzz_test_minimized_test_cases/clusterfuzz-testcase-minimized-instance_enumerate_fuzzer-6583684169269248

@@ -109,6 +109,12 @@ TEST(BadJsonInput, ClusterFuzzTestCase_6308459683315712) {
     // combine_settings_layers_with_regular_layers
     execute_instance_enumerate_fuzzer("clusterfuzz-testcase-instance_enumerate_fuzzer-6308459683315712");
 }
+TEST(BadJsonInput, ClusterFuzzTestCase_6583684169269248) {
+    // Crashes ASAN
+    // Nullptr dereference in loader_copy_to_new_str
+    execute_instance_enumerate_fuzzer("clusterfuzz-testcase-minimized-instance_enumerate_fuzzer-6583684169269248");
+}
+
 TEST(BadJsonInput, ClusterFuzzTestCase_5258042868105216) {
     // Doesn't crash with ASAN or UBSAN
     // Doesn't reproducibly crash - json_load_fuzzer: Abrt in loader_cJSON_Delete