authorGavin Howard <gavin@yzena.com>2022-10-24 20:29:37 -0600
committerGavin Howard <gavin@yzena.com>2022-10-24 20:31:55 -0600
commit5786f77251cd9a973e1659bd5ed07a0738438d15 (patch)
treeb1edefd0b944e72579fe7071a582097b6ed797a6
parente84ba850093ab0db5530a06c1021935c2db3998c (diff)
downloadbc-5786f77251cd9a973e1659bd5ed07a0738438d15.tar.gz
Fix a crash found by AFL
This crash was caused by sending string arguments to bc_program_asciifyNum(), which shouldn't happen. After all, it's got "Num" in the name. So I added an if statement for it. This was a crash from a bug in new code for this release, so we caught a bug before release! Yay! Signed-off-by: Gavin Howard <gavin@yzena.com>
-rw-r--r--src/program.c10
-rw-r--r--tests/bc/errors/36.txt11
2 files changed, 20 insertions, 1 deletions
diff --git a/src/program.c b/src/program.c
index 0a54318a..e46642d5 100644
--- a/src/program.c
+++ b/src/program.c
@@ -2298,7 +2298,15 @@ bc_program_asciify(BcProgram* p)
for (i = 0; i < v->len; ++i)
{
BcNum* num = (BcNum*) bc_vec_item(v, i);
- temp_str[i] = (char) bc_program_asciifyNum(p, num);
+
+ if (BC_PROG_STR(num))
+ {
+ temp_str[i] = (bc_program_string(p, num))[0];
+ }
+ else
+ {
+ temp_str[i] = (char) bc_program_asciifyNum(p, num);
+ }
}
temp_str[v->len] = '\0';
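Review bot: The string check is added only at this call site in the loop, so bc_program_asciifyNum() itself still has no defence if a string-tagged BcNum reaches it from elsewhere; other callers are not visible in this hunk. Since the crash came from a string item being interpreted as a number, an assertion on its BcNum argument, e.g. `assert(!BC_PROG_STR(n));` (parameter name assumed), would make any remaining path fail loudly in debug and fuzzing builds instead of reading the wrong representation. The new branch also deserves a comment such as `// Array items can be strings; use their first byte and never pass them to bc_program_asciifyNum().`. An empty string item would store '\0' in the middle of temp_str, which presumably shortens the result for any later consumer that relies on the terminator rather than v->len, so it is worth confirming that this is intended. The body of bc_program_asciify starts and continues outside the hunk.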
diff --git a/tests/bc/errors/36.txt b/tests/bc/errors/36.txt
new file mode 100644
index 00000000..5929bdb7
--- /dev/null
+++ b/tests/bc/errors/36.txt
@@ -0,0 +1,11 @@
+n0
+for (i*= 9; i < 725; ++i)strse=a[0] = asciify(180)
+d2
+asciify(a[])
+x = a433
+asciify(a[])
+x = asciify(a[])
+x = asciify(18 = 72@II^II
+F;FR2
+F;FRI3
+Qor \ No newline at end of file