SIGSEGV during the processing 7zip archive

Bug #1962739 reported by Nils
Affects: p7zip (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

# Description
During extraction of the attached 7zip archive via
```sh
/usr/libexec/p7zip/7za e -so -y /testcase
```
a null pointer dereference is triggered and causes a segmentation fault (SIGSEGV).

This bug allows an attacker to perform a denial of service and possibly opens up
other attack vectors.

To reproduce the crash, we provide scripts alongside the crashing input:
- ./reproduce-ubuntu.sh: Reproduce the crash via an Ubuntu 20.04 Docker container

If you need further details, we are happy to assist where possible.

# apt show p7zip-full
Package: p7zip-full
Version: 16.02+dfsg-7build1
Priority: optional
Section: universe/utils
Source: p7zip
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Robert Luberda <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 4887 kB
Depends: p7zip (= 16.02+dfsg-7build1), libc6 (>= 2.14), libgcc-s1 (>= 3.0), libstdc++6 (>= 5)
Suggests: p7zip-rar
Breaks: p7zip (<< 15.09+dfsg-3~)
Replaces: p7zip (<< 15.09+dfsg-3~)
Homepage: http://p7zip.sourceforge.net/
Task: kubuntu-desktop, kubuntu-full, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop
Download-Size: 1187 kB
APT-Manual-Installed: no
APT-Sources: http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
Description: 7z and 7za file archivers with high compression ratio

# valgrind ubuntu
[+] Running /usr/lib/p7zip/7z e -so -y /testcase
==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1== Command: /usr/lib/p7zip/7z e -so -y /testcase
==1==
==1== Invalid read of size 4
==1== at 0x5282035: UnknownInlinedFun (NsisIn.h:63)
==1== by 0x5282035: NArchive::NNsis::CInArchive::Parse() (NsisIn.cpp:4999)
==1== by 0x528234E: NArchive::NNsis::CInArchive::Open2(unsigned char const*, unsigned long) [clone .part.0] (NsisIn.cpp:5659)
==1== by 0x52829B2: Open2 (NsisIn.cpp:5537)
==1== by 0x52829B2: NArchive::NNsis::CInArchive::Open(IInStream*, unsigned long long const*) (NsisIn.cpp:5836)
==1== by 0x527DA8A: NArchive::NNsis::CHandler::Open(IInStream*, unsigned long long const*, IArchiveOpenCallback*) (NsisHandler.cpp:196)
==1== by 0x143291: OpenArchiveSpec(IInArchive*, bool, IInStream*, unsigned long long const*, IArchiveOpenCallback*, IArchiveExtractCallback*) (OpenArchive.cpp:1537)
==1== by 0x148B47: CArc::OpenStream2(COpenOptions const&) (OpenArchive.cpp:2636)
==1== by 0x149B9C: CArc::OpenStream(COpenOptions const&) (OpenArchive.cpp:2901)
==1== by 0x14A136: CArc::OpenStreamOrFile(COpenOptions&) (OpenArchive.cpp:2993)
==1== by 0x14B122: CArchiveLink::Open(COpenOptions&) (OpenArchive.cpp:3169)
==1== by 0x14C03C: CArchiveLink::Open2(COpenOptions&, IOpenCallbackUI*) (OpenArchive.cpp:3292)
==1== by 0x14C392: CArchiveLink::Open3(COpenOptions&, IOpenCallbackUI*) (OpenArchive.cpp:3356)
==1== by 0x13A94E: Extract(CCodecs*, CObjectVector<COpenType> const&, CRecordVector<int> const&, CObjectVector<UString>&, CObjectVector<UString>&, NWildcard::CCensorNode const&, CExtractOptions const&, IOpenCallbackUI*, IExtractCallbackUI*, IHashCalc*, UString&, CDecompressStat&) (Extract.cpp:362)
==1== Address 0x14 is not stack'd, malloc'd or (recently) free'd
==1==
==1==
==1== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1== Access not within mapped region at address 0x14
==1== at 0x5282035: UnknownInlinedFun (NsisIn.h:63)
==1== by 0x5282035: NArchive::NNsis::CInArchive::Parse() (NsisIn.cpp:4999)
==1== by 0x528234E: NArchive::NNsis::CInArchive::Open2(unsigned char const*, unsigned long) [clone .part.0] (NsisIn.cpp:5659)
==1== by 0x52829B2: Open2 (NsisIn.cpp:5537)
==1== by 0x52829B2: NArchive::NNsis::CInArchive::Open(IInStream*, unsigned long long const*) (NsisIn.cpp:5836)
==1== by 0x527DA8A: NArchive::NNsis::CHandler::Open(IInStream*, unsigned long long const*, IArchiveOpenCallback*) (NsisHandler.cpp:196)
==1== by 0x143291: OpenArchiveSpec(IInArchive*, bool, IInStream*, unsigned long long const*, IArchiveOpenCallback*, IArchiveExtractCallback*) (OpenArchive.cpp:1537)
==1== by 0x148B47: CArc::OpenStream2(COpenOptions const&) (OpenArchive.cpp:2636)
==1== by 0x149B9C: CArc::OpenStream(COpenOptions const&) (OpenArchive.cpp:2901)
==1== by 0x14A136: CArc::OpenStreamOrFile(COpenOptions&) (OpenArchive.cpp:2993)
==1== by 0x14B122: CArchiveLink::Open(COpenOptions&) (OpenArchive.cpp:3169)
==1== by 0x14C03C: CArchiveLink::Open2(COpenOptions&, IOpenCallbackUI*) (OpenArchive.cpp:3292)
==1== by 0x14C392: CArchiveLink::Open3(COpenOptions&, IOpenCallbackUI*) (OpenArchive.cpp:3356)
==1== by 0x13A94E: Extract(CCodecs*, CObjectVector<COpenType> const&, CRecordVector<int> const&, CObjectVector<UString>&, CObjectVector<UString>&, NWildcard::CCensorNode const&, CExtractOptions const&, IOpenCallbackUI*, IExtractCallbackUI*, IHashCalc*, UString&, CDecompressStat&) (Extract.cpp:362)
==1== If you believe this happened as a result of a stack
==1== overflow in your program's main thread (unlikely but
==1== possible), you can try to increase the size of the
==1== main thread stack using the --main-stacksize= flag.
==1== The main thread stack size used in this run was 8388608.
==1==
==1== HEAP SUMMARY:
==1== in use at exit: 5,335,749 bytes in 842 blocks
==1== total heap usage: 3,373 allocs, 2,531 frees, 6,810,051 bytes allocated
==1==
==1== LEAK SUMMARY:
==1== definitely lost: 0 bytes in 0 blocks
==1== indirectly lost: 0 bytes in 0 blocks
==1== possibly lost: 0 bytes in 0 blocks
==1== still reachable: 5,335,749 bytes in 842 blocks
==1== of which reachable via heuristic:
==1== newarray : 1,256 bytes in 1 blocks
==1== suppressed: 0 bytes in 0 blocks
==1== Rerun with --leak-check=full to see details of leaked memory
==1==
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
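As an added triage aid (not part of this report, of p7zip or of Valgrind), the following Python parser classifies the first Memcheck "Invalid read/write" in a log such as the one above: it extracts the access size, the faulting address, the top stack frame and the terminating signal, and flags a fault address inside the first page of memory as a probable NULL-based dereference (0x14 here is a small field offset from a null object pointer). The log excerpt embedded in the block is reconstructed from the trace above; the function name, dictionary keys and the 4096-byte page-size threshold are this example's own assumptions.

```python
import re

# Constructed excerpt of the Memcheck output quoted in the report (not the full log).
SAMPLE_LOG = """\
==1== Invalid read of size 4
==1==    at 0x5282035: UnknownInlinedFun (NsisIn.h:63)
==1==    by 0x5282035: NArchive::NNsis::CInArchive::Parse() (NsisIn.cpp:4999)
==1==    by 0x528234E: NArchive::NNsis::CInArchive::Open2(unsigned char const*, unsigned long) [clone .part.0] (NsisIn.cpp:5659)
==1==  Address 0x14 is not stack'd, malloc'd or (recently) free'd
==1==
==1== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==1==  Access not within mapped region at address 0x14
==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
"""

# Assumption: the first page is never mapped on Linux, so an access below this
# address is a NULL pointer plus a small offset (e.g. a struct field read).
PAGE_SIZE = 4096


def classify_memcheck(log: str) -> dict:
    """Parse a Memcheck log and classify its first invalid memory access.

    Returns a dict with: access ('read'/'write'), size, frame/file/line of the
    faulting location, address, signal (if the process died) and a 'verdict'.
    """
    result = {"verdict": "no invalid access found", "crashed": False}

    head = re.search(r"^==\d+== Invalid (read|write) of size (\d+)$", log, re.M)
    if not head:
        return result
    result["access"] = head.group(1)
    result["size"] = int(head.group(2))
    rest = log[head.end():]  # stack frames and address info follow the header

    # First 'at' frame after the header is where the bad access happened.
    frame = re.search(r"^==\d+==\s+at 0x[0-9A-Fa-f]+: (.+?) \((\S+):(\d+)\)$", rest, re.M)
    if frame:
        result["frame"] = frame.group(1)
        result["file"] = frame.group(2)
        result["line"] = int(frame.group(3))

    addr = re.search(r"^==\d+==\s+Address (0x[0-9A-Fa-f]+) is ", rest, re.M)
    if addr:
        result["address"] = int(addr.group(1), 16)

    # Memcheck only prints this line when the error was fatal to the process.
    sig = re.search(r"default action of signal \d+ \((\w+)\)", log)
    if sig:
        result["signal"] = sig.group(1)
        result["crashed"] = True

    address = result.get("address")
    if address is not None and address < PAGE_SIZE:
        result["verdict"] = f"probable NULL pointer dereference (offset {address:#x} from NULL)"
    elif address is not None:
        result["verdict"] = "invalid access to an unmapped or wild address"
    else:
        result["verdict"] = "invalid access inside a mapped block (see Memcheck block info)"
    return result


if __name__ == "__main__":
    for key, value in classify_memcheck(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In practice the function is fed the saved Memcheck output of a sanitiser or fuzzing run (e.g. `valgrind --log-file=...`), and the verdict separates low-address faults, which are usually a missing null check, from wild or heap-adjacent accesses that need closer inspection.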

Nils (nils-bars) wrote:
information type: Private Security → Public Security

Marc Deslauriers (mdeslaur) wrote:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

tags: added: community-security
Nils (nils-bars) wrote:

Upstream report can be found here: https://sourceforge.net/p/p7zip/bugs/234/
