I wrote:
> I don't see a crash either, but I can't help observing that this
> input leads to a "seg" struct with "-46" significant digits:
> ...
> So we're invoking sprintf with a fairly insane precision spec:
Actually, it looks like sprintf is not the problem. This is:
(gdb)
984 buf[10 + n] = '\0';
(gdb) p n
$9 = -46
So first off, we're stomping on something we shouldn't, and
secondly we're failing to nul-terminate buf[], which easily
explains your observed crash at the strcpy a little further
down. On most platforms strcpy would find a nul byte not
too much further on, which might prevent the worst sorts
of damage, but this is still very ugly.
regards, tom lane