Affects Version/s: 1.11
Fix Version/s: None
An array is created on the stack in order to convert theValue:
char theBuffer[MAX_PRINTF_DIGITS + 1];
If theValue is quite big, for example 1.79769e+308, which is the biggest possible double value, then theBuffer is overwritten, since it allocates only 100 bytes for storing theValue, whereas when the format string "%.35f" is used it requires around 350 bytes to store the converted double.
I think MAX_PRINTF_DIGITS is used by mistake in this context. Instead, MAX_FLOAT_CHARACTERS should have been used, and MAX_FLOAT_CHARACTERS must be defined like this:
// The maximum number of characters for a floating point number.
const size_t MAX_FLOAT_CHARACTERS = 400;
in order to have enough space to store 308 digits before the point, the point itself, up to 35 digits after the point, and the NULL terminator at the end.
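The sizing argument above can be checked directly. The following is an added example, not code from the report or from the project: it measures how many bytes "%.35f" really needs for the largest double, reproduces the 101-byte stack buffer from the report (using snprintf instead of the assumed sprintf so that the check is safe to run), and shows a bounded conversion that fails cleanly instead of writing past the buffer. MAX_PRINTF_DIGITS is assumed to be 100, as the report's "100 bytes" implies; the function names are illustrative.

```c
#include <float.h>
#include <stdio.h>

/* Format string discussed in the report. */
#define FMT "%.35f"

/* Assumed value: the report states the buffer holds only 100 bytes. */
#define MAX_PRINTF_DIGITS 100

/* Bytes (including the NUL terminator) that FMT needs for v.
   snprintf with a NULL buffer and size 0 returns the formatted length
   without writing anything, which is the portable way to size a buffer. */
size_t needed_bytes(double v) {
    int n = snprintf(NULL, 0, FMT, v);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Reproduction of the pattern from the report: a fixed-size stack buffer.
   Returns 1 if the conversion does not fit, i.e. the case where an unbounded
   sprintf into the same buffer would overflow the stack frame. */
int would_overflow(double v) {
    char theBuffer[MAX_PRINTF_DIGITS + 1];
    int n = snprintf(theBuffer, sizeof theBuffer, FMT, v);
    return n < 0 || (size_t)n >= sizeof theBuffer;
}

/* Hardened conversion: bounded write plus an explicit truncation check.
   Returns the number of characters written, or -1 if out_len is too small
   (out is then an empty string and must not be treated as a number). */
int format_double(double v, char *out, size_t out_len) {
    int n = snprintf(out, out_len, FMT, v);
    if (n < 0 || (size_t)n >= out_len) {
        if (out_len)
            out[0] = '\0';
        return -1;
    }
    return n;
}

int main(void) {
    char buf[400];
    printf("bytes needed for DBL_MAX with " FMT ": %zu\n", needed_bytes(DBL_MAX));
    printf("101-byte buffer overflows for DBL_MAX: %d\n", would_overflow(DBL_MAX));
    printf("401-byte buffer: %d chars written\n", format_double(DBL_MAX, buf, sizeof buf));
    return 0;
}
```

With glibc, DBL_MAX formatted as "%.35f" is 309 integer digits, the point and 35 fractional digits, 345 characters plus the terminator, so the 400-byte constant proposed in the report leaves headroom while the 101-byte buffer does not. The truncation check in format_double is the part worth keeping even after the constant is fixed: it turns an unexpected long value into a reported error instead of silent truncation or, with sprintf, a stack overwrite.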