Sending a _very_ specific string to bc results in a heap overflow:

$ printf 'con\x00ti\x00n\x00ue' | busybox-1.36.1/bin/busybox bc
==441==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000cb8 at pc 0x558e97256997 bp 0x7ffde2d76a10 sp 0x7ffde2d76a00
READ of size 8 at 0x611000000cb8 thread T0
    #0 0x558e97256996 in zbc_parse_break_or_continue miscutils/bc.c:4428
    #1 0x558e97256996 in zbc_parse_stmt_possibly_auto miscutils/bc.c:4717

0x611000000cb8 is located 8 bytes to the left of 256-byte region [0x611000000cc0,0x611000000dc0)
allocated by thread T0 here:
    #0 0x7f6629884867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x558e9731ec5d in xmalloc libbb/xfuncs_printf.c:50

SUMMARY: AddressSanitizer: heap-buffer-overflow miscutils/bc.c:4428 in zbc_parse_break_or_continue
Shadow bytes around the buggy address:
  0x0c227fff8140: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c227fff8150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff8160: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c227fff8170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff8180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c227fff8190: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00
  0x0c227fff81a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c227fff81b0: 00 00 00 00 00 00 00 00 fa fa fa fa fa fa fa fa
  0x0c227fff81c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff81d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c227fff81e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa

(found by KLEE)
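
Added example (not part of the original report and not BusyBox code): a small triage helper that parses the key lines of the ASan report above, computes where the faulting address lies relative to the allocation, and checks that the bracketed shadow byte is the one covering that address. It assumes the default ASan shadow mapping for x86-64 Linux, shadow = (addr >> 3) + 0x7fff8000; the names triage and REPORT are illustrative.

```python
import re

# Constructed input: key lines of the report above, one report line per line.
REPORT = """\
==441==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x611000000cb8 at pc 0x558e97256997 bp 0x7ffde2d76a10 sp 0x7ffde2d76a00
READ of size 8 at 0x611000000cb8 thread T0
    #0 0x558e97256996 in zbc_parse_break_or_continue miscutils/bc.c:4428
    #1 0x558e97256996 in zbc_parse_stmt_possibly_auto miscutils/bc.c:4717
0x611000000cb8 is located 8 bytes to the left of 256-byte region [0x611000000cc0,0x611000000dc0)
=>0x0c227fff8190: fa fa fa fa fa fa fa[fa]00 00 00 00 00 00 00 00
"""

SHADOW_SCALE = 3            # one shadow byte describes 8 application bytes
SHADOW_OFFSET = 0x7FFF8000  # assumption: default ASan mapping on x86-64 Linux
LEGEND = {0x00: "addressable", 0xFA: "heap left redzone", 0xFD: "freed heap region"}

def triage(report):
    head = re.search(r"AddressSanitizer: (\S+) on address (0x[0-9a-f]+)", report)
    acc = re.search(r"^(READ|WRITE) of size (\d+)", report, re.M)
    region = re.search(r"region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)", report)
    frame = re.search(r"#0 0x[0-9a-f]+ in (\S+) (\S+)", report)
    row = re.search(r"^=>(0x[0-9a-f]+): (.*)$", report, re.M)
    addr, lo, hi = (int(x, 16) for x in (head.group(2), *region.groups()))
    # Signed distance from the allocation: negative means before its start.
    delta = addr - lo if addr < lo else (addr - hi + 1 if addr >= hi else 0)
    # Shadow byte for the faulting address, looked up in the "=>" row.
    shadow = (addr >> SHADOW_SCALE) + SHADOW_OFFSET
    cells = re.findall(r"[0-9a-f]{2}", row.group(2))
    marked_idx = len(re.findall(r"[0-9a-f]{2}", row.group(2).split("[")[0]))
    idx = shadow - int(row.group(1), 16)
    return {
        "bug": head.group(1),
        "access": (acc.group(1), int(acc.group(2))),
        "delta": delta,
        "top_frame": frame.group(1),       # stable key for crash de-duplication
        "location": frame.group(2),
        "shadow_addr": shadow,
        "shadow_byte": LEGEND.get(int(cells[idx], 16), "other"),
        "marker_ok": idx == marked_idx,    # bracket sits on the computed byte
    }

if __name__ == "__main__":
    print(triage(REPORT))
```

A negative delta together with a "heap left redzone" shadow byte marks this as a read before the start of the buffer rather than past its end.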