clamp re-queried physical device count in setup_loader_term_phys_devs

[aizu-m]

setup_loader_term_phys_devs, the per-ICD two-call enumeration:

loader.c:6795  physical_devices = loader_stack_alloc(device_count * sizeof(VkPhysicalDevice));  // sizing query
loader.c:6806  EnumeratePhysicalDevices(icd_instance, &device_count, physical_devices);          // fill query
loader.c:6921  for (j = 0; j < device_count; ++j)
loader.c:6922      check_and_add_to_new_phys_devs(..., physical_devices[j], ...);

Walking the two calls: device_count is the same in/out variable for both, and the size handed to loader_stack_alloc is never kept. A driver that reports a larger device_count on the fill call than on the sizing call leaves the consume loop reading past the end of the stack array, and those out-of-bounds VkPhysicalDevice handles feed straight into the wrapped device list.

terminator_EnumeratePhysicalDeviceGroups already clamps its re-queried group count this way; the base vkEnumeratePhysicalDevices path was the one still trusting the second count. Snapshot the count before the fill call and clamp device_count back down to it.

[ci-tester-lunarg]

Author aizu-m not on autobuild list. Waiting for curator authorization before starting CI build.

[ci-tester-lunarg]

Author aizu-m not on autobuild list. Waiting for curator authorization before starting CI build.

[ci-tester-lunarg]

CI Vulkan-Loader build queued with queue ID 18012.

[charles-lunarg]

More defensive checks for bad drivers, good with me.

[ci-tester-lunarg]

CI Vulkan-Loader build # 3591 running.

[ci-tester-lunarg]

CI Vulkan-Loader build # 3591 passed.