diff --git a/src/backend/utils/adt/float.c b/src/backend/utils/adt/float.c index df35557..2e68991 100644 *** a/src/backend/utils/adt/float.c --- b/src/backend/utils/adt/float.c *************** float4out(PG_FUNCTION_ARGS) *** 258,269 **** break; default: { int ndig = FLT_DIG + extra_float_digits; if (ndig < 1) ndig = 1; ! ascii = psprintf("%.*g", ndig, num); } } --- 258,287 ---- break; default: { + /* + * We don't go through snprintf.c here because, for this + * particular choice of format string, it adds nothing of + * value to the native behavior of sprintf() --- except + * handling buffer overrun. We just make the buffer big + * enough to not have to worry. + */ + #undef sprintf int ndig = FLT_DIG + extra_float_digits; + int len PG_USED_FOR_ASSERTS_ONLY; + /* Neither of these limits can trigger, but be paranoid */ if (ndig < 1) ndig = 1; + else if (ndig > 32) + ndig = 32; ! ascii = (char *) palloc(64); ! ! len = sprintf(ascii, "%.*g", ndig, num); ! ! Assert(len > 0 && len < 64); ! ! #define sprintf pg_sprintf } } *************** float8out_internal(double num) *** 494,505 **** break; default: { int ndig = DBL_DIG + extra_float_digits; if (ndig < 1) ndig = 1; ! ascii = psprintf("%.*g", ndig, num); } } --- 512,541 ---- break; default: { + /* + * We don't go through snprintf.c here because, for this + * particular choice of format string, it adds nothing of + * value to the native behavior of sprintf() --- except + * handling buffer overrun. We just make the buffer big + * enough to not have to worry. + */ + #undef sprintf int ndig = DBL_DIG + extra_float_digits; + int len PG_USED_FOR_ASSERTS_ONLY; + /* Neither of these limits can trigger, but be paranoid */ if (ndig < 1) ndig = 1; + else if (ndig > 32) + ndig = 32; ! ascii = (char *) palloc(64); ! ! len = sprintf(ascii, "%.*g", ndig, num); ! ! Assert(len > 0 && len < 64); ! ! #define sprintf pg_sprintf } }