Heap use-after-free in string multiplication #2115

@whentze

Description

Describe the bug

When multiplying a string that is already the result of a string multiplication,
jq will access memory in jvp_utf8_next that was previously freed in jv_string_append_buf.

To Reproduce

echo '"abc"' | jq '63666*.*3'

This invocation results in a segmentation fault on my computer.

Expected behavior

jq should repeat "abc" many times.

Environment

OS

  • debian unstable on Linux 5.6.7 (x86_64)

jq versions tested

  • 64-bit binary version 1.6 from github release
  • debian package version 1.6-1
  • build from source using git master (5b9e63e)

Additional context

This behavior was detected using techniques developed by the SYMBIOSYS research project at COMSYS, RWTH Aachen University. This research is supported by the European Research Council (ERC) under the EU's Horizon 2020 Research and Innovation Programme grant agreement n. 647295 (SYMBIOSYS).
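The report names the failure class (a read in jvp_utf8_next of memory that jv_string_append_buf had already freed) but does not show jq's source. The block below is an added illustration, not code from jq or from the reporter: a minimal growable string whose append may reallocate, a repeat loop that keeps a pointer into the buffer being appended to, and the same loop with the aliasing removed. All names (buf_t, buf_append, repeat_buggy, repeat_fixed and the helpers) are invented for this example, and the mechanism modelled here is an assumption about how a string-append could free storage a caller still reads, not a reading of jq's actual implementation. The input shape mirrors the report's `63666*.*3`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable byte string. These names are invented for this
 * illustration and are not jq's jv API. */
typedef struct {
    char  *data;   /* NUL-terminated bytes */
    size_t len;    /* bytes used, excluding the NUL */
    size_t cap;    /* bytes allocated */
} buf_t;

static buf_t buf_new(const char *s) {
    buf_t b;
    b.len  = strlen(s);
    b.cap  = b.len + 1;            /* exact fit: the first append must grow */
    b.data = malloc(b.cap);
    memcpy(b.data, s, b.cap);      /* copies the NUL as well */
    return b;
}

/* Append n bytes. When the buffer has to grow, the old allocation is freed,
 * so any pointer a caller still holds into it becomes dangling. */
static void buf_append(buf_t *b, const char *src, size_t n) {
    if (b->len + n + 1 > b->cap) {
        size_t ncap = (b->len + n + 1) * 2;
        char *nd = malloc(ncap);
        memcpy(nd, b->data, b->len);
        free(b->data);             /* old storage is gone from here on */
        b->data = nd;
        b->cap  = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    b->data[b->len] = '\0';
}

/* BUGGY: repeats the string by appending it to itself, but keeps reading
 * from 'src', a pointer into the very buffer that buf_append may free.
 * With n >= 3 the second append reads freed memory; -fsanitize=address
 * reports it as heap-use-after-free. Kept only for comparison. */
static buf_t repeat_buggy(buf_t b, int n) {
    const char *src = b.data;
    size_t alen = b.len;
    for (; n > 1; n--)
        buf_append(&b, src, alen); /* src is stale after the first grow */
    return b;
}

/* FIXED: snapshot the bytes to repeat before mutating the buffer, so the
 * source never aliases storage that buf_append can free. */
static buf_t repeat_fixed(buf_t b, int n) {
    size_t alen = b.len;
    char *src = malloc(alen ? alen : 1);
    memcpy(src, b.data, alen);
    for (; n > 1; n--)
        buf_append(&b, src, alen);
    free(src);
    return b;
}

/* Helpers that return checkable values: result of one repeat compared
 * against an expected string, and the length after two chained repeats. */
static int repeat_equals(const char *s, int n, const char *expect) {
    buf_t r = repeat_fixed(buf_new(s), n);
    int ok = (r.len == strlen(expect)) && (strcmp(r.data, expect) == 0);
    free(r.data);
    return ok;
}

static size_t repeat_twice_len(const char *s, int n1, int n2) {
    buf_t r = repeat_fixed(repeat_fixed(buf_new(s), n1), n2);
    size_t len = r.len;
    free(r.data);
    return len;
}

int main(void) {
    /* Same shape as the report: ("abc" * 63666) * 3 */
    printf("fixed: %zu bytes\n", repeat_twice_len("abc", 63666, 3));

    /* The buggy path; build with -fsanitize=address to see the report. */
    buf_t d = repeat_buggy(buf_new("abc"), 3);
    printf("buggy: %zu bytes\n", d.len);
    free(d.data);
    return 0;
}
```

Built plainly, the buggy path may print a plausible length or crash depending on what the allocator did with the freed block, which is why a segfault is reported as happening "on my computer" rather than always; built with `cc -g -fsanitize=address`, the second append in repeat_buggy is flagged deterministically because buf_new sizes the buffer to an exact fit and the first append is guaranteed to move it.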
