diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c
index df35557..2e68991 100644
*** a/src/backend/utils/adt/float.c
--- b/src/backend/utils/adt/float.c
*************** float4out(PG_FUNCTION_ARGS)
*** 258,269 ****
  			break;
  		default:
  			{
  				int			ndig = FLT_DIG + extra_float_digits;
  
  				if (ndig < 1)
  					ndig = 1;
  
! 				ascii = psprintf("%.*g", ndig, num);
  			}
  	}
  
--- 258,287 ----
  			break;
  		default:
  			{
+ 				/*
+ 				 * We don't go through snprintf.c here because, for this
+ 				 * particular choice of format string, it adds nothing of
+ 				 * value to the native behavior of sprintf() --- except
+ 				 * handling buffer overrun.  We just make the buffer big
+ 				 * enough to not have to worry.
+ 				 */
+ #undef sprintf
  				int			ndig = FLT_DIG + extra_float_digits;
+ 				int			len PG_USED_FOR_ASSERTS_ONLY;
  
+ 				/* Neither of these limits can trigger, but be paranoid */
  				if (ndig < 1)
  					ndig = 1;
+ 				else if (ndig > 32)
+ 					ndig = 32;
  
! 				ascii = (char *) palloc(64);
! 
! 				len = sprintf(ascii, "%.*g", ndig, num);
! 
! 				Assert(len > 0 && len < 64);
! 
! #define sprintf pg_sprintf
  			}
  	}
  
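Review bot: The only check on the native `sprintf()` write into the 64-byte `palloc` buffer is `Assert(len > 0 && len < 64)`, which runs after the write and, judging by `PG_USED_FOR_ASSERTS_ONLY`, is presumably compiled out of non-assert builds. That makes the `ndig > 32` clamp the real guard against overrun, so the comment calling both limits paranoia undersells it. I would reword it along the lines of `/* ndig <= 32 keeps "%.*g" output (sign, 32 digits, decimal point, exponent) well below the 64-byte buffer */` and give 32 and 64 names so the two cannot drift apart. The same applies to the float8out_internal hunk. The enclosing switch and function start outside the hunk.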
*************** float8out_internal(double num)
*** 494,505 ****
  			break;
  		default:
  			{
  				int			ndig = DBL_DIG + extra_float_digits;
  
  				if (ndig < 1)
  					ndig = 1;
  
! 				ascii = psprintf("%.*g", ndig, num);
  			}
  	}
  
--- 512,541 ----
  			break;
  		default:
  			{
+ 				/*
+ 				 * We don't go through snprintf.c here because, for this
+ 				 * particular choice of format string, it adds nothing of
+ 				 * value to the native behavior of sprintf() --- except
+ 				 * handling buffer overrun.  We just make the buffer big
+ 				 * enough to not have to worry.
+ 				 */
+ #undef sprintf
  				int			ndig = DBL_DIG + extra_float_digits;
+ 				int			len PG_USED_FOR_ASSERTS_ONLY;
  
+ 				/* Neither of these limits can trigger, but be paranoid */
  				if (ndig < 1)
  					ndig = 1;
+ 				else if (ndig > 32)
+ 					ndig = 32;
  
! 				ascii = (char *) palloc(64);
! 
! 				len = sprintf(ascii, "%.*g", ndig, num);
! 
! 				Assert(len > 0 && len < 64);
! 
! #define sprintf pg_sprintf
  			}
  	}
  
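Review bot: The `#undef sprintf` / `#define sprintf pg_sprintf` pair inside this block restores the mapping by hand, so it goes stale without warning if the header that defines the macro ever changes. Any `sprintf` call later added between the two directives would also bypass the replacement unnoticed. Since the float4out hunk repeats the same pair, consider moving the native call into one small static helper so the bypass lives in a single place, with a comment such as `/* must match the project-wide sprintf mapping */` on the restore line. The enclosing function starts and ends outside the hunk.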
