Segfault in Tic at lib_tparm.c:140

[Robert Sebastian Herlim]

Hello, 

This is Robert Sebastian Herlim.

We are currently working on a new fuzz testing feature, and we found crashes in tic.

For ease of maintenance, I'll send the crash one-by-one by email.

[Step to Reproduce]
We configured ncurses with `CXXFLAGS="-g -O0" ./configure`, and run tic using

• ./tic -q -v7 -v5 -a -0 <attached_file> -C

[Environment]
 - OS: Ubuntu 18.04.4 LTS
 - Compiler: gcc 7.5.0
 - ncurses version: 6.2 (https://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.2.tar.gz)

[Additional Context]
I also attached the stack trace of the crash.

```
Program received signal SIGSEGV, Segmentation fault.
__strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
62 ../sysdeps/x86_64/multiarch/strlen-avx2.S: No such file or directory.
#0  __strlen_avx2 () at ../sysdeps/x86_64/multiarch/strlen-avx2.S:62
#1  0x00005555555711fd in save_text (fmt=0x5555557a4c80 "%s", s=0x1 <error: Cannot access memory at address 0x1>, len=0) at ../ncurses/./tinfo/lib_tparm.c:140
#2  0x0000555555571f42 in tparam_internal (use_TPARM_ARG=1, string=0x5555557a8b3c "%p1%p1%?%'c'%>%t%{224}%+%;A\033\301\233%p2%d%i%p3%sɈ\326\033jn%p4%{27}%+%c\337\311%p5%d\032S\v\177@\262u%p6%d%p7%s\237%p8%sDy%p9%s%o%p:%{2}%+%c%p;%p;%{2}%*%-%iB\300B%p;%'E'%+%cH(%\247\361\025%{145}%p<%-%cT%p=%{213}%+%c\346%MvI\227\273L%\305%;%p6t;8%\"Z;m", ap=0x7ffffffea960) at ../ncurses/./tinfo/lib_tparm.c:615
#3  0x0000555555572796 in tparm (string=0x5555557a8b3c "%p1%p1%?%'c'%>%t%{224}%+%;A\033\301\233%p2%d%i%p3%sɈ\326\033jn%p4%{27}%+%c\337\311%p5%d\032S\v\177@\262u%p6%d%p7%s\237%p8%sDy%p9%s%o%p:%{2}%+%c%p;%p;%{2}%*%-%iB\300B%p;%'E'%+%cH(%\247\361\025%{145}%p<%-%cT%p=%{213}%+%c\346%MvI\227\273L%\305%;%p6t;8%\"Z;m") at ../ncurses/./tinfo/lib_tparm.c:854
#4  0x000055555557579b in set_attribute_9 (tp=0x5555557a8c70, flag=1) at ../ncurses/./tinfo/trim_sgr0.c:55
#5  0x0000555555575cd4 in _nc_trim_sgr0 (tp=0x5555557a8c70) at ../ncurses/./tinfo/trim_sgr0.c:245
#6  0x000055555556a3ee in fmt_entry (tterm=0x5555557a8c70, pred=0x555555568554 <dump_predicate>, content_only=0, suppress_untranslatable=0, infodump=0, numbers=0) at ../progs/dump_entry.c:1082
#7  0x000055555556b7be in dump_entry (tterm=0x5555557a8c70, suppress_untranslatable=0, limited=1, numbers=0, pred=0x0) at ../progs/dump_entry.c:1542
#8  0x0000555555560e60 in main (argc=8, argv=0x7fffffffdee8) at ../progs/tic.c:1041
```

Thank you.

--

Sincerely,

Robert Sebastian Herlim

Software Testing & Verification Group, KAIST

poc_0002.txt
Description: Text document

stack_trace_0002.txt
Description: Text document