Обсуждение: cube output function can overrun its buffer

In cube_out 100 bytes are allocated to hold the output string. Instead
using a bound on the size of g format output and separation characters,
this bound times twice the dimension (possibly plus a small constant for
parens and terminating 0 byte) should be used.

With this approach you might want to add specific precision specification
in case the default precision in glibc changes in the future.

Bruno Wolff III <bruno@wolff.to> writes:
> In cube_out 100 bytes are allocated to hold the output string.

Good point.

> Instead
> using a bound on the size of g format output and separation characters,
> this bound times twice the dimension (possibly plus a small constant for
> parens and terminating 0 byte) should be used.

I made it use an expandable buffer, instead.  Much less fragile...

            regards, tom lane