From c57fd1e380a562d16425e9c20f75ed9a08ff9073 Mon Sep 17 00:00:00 2001
From: Sergey B Kirpichev <skirpichev@gmail.com>
Date: Wed, 23 Oct 2024 13:28:06 +0300
Subject: [PATCH] Prevent crash in GMPy_MPFR_Format()

See https://github.com/aleaxit/gmpy/issues/522#issuecomment-2431541545
---
 src/gmpy2_format.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/gmpy2_format.c b/src/gmpy2_format.c
index fcb447a5..a355fd9b 100644
--- a/src/gmpy2_format.c
+++ b/src/gmpy2_format.c
@@ -319,6 +319,10 @@ GMPy_MPFR_Format(PyObject *self, PyObject *args)
     *(p3) = '\00';
 
     buflen = mpfr_asprintf(&buffer, mpfrfmt, MPFR(self));
+    if (buflen == -1) {
+        RUNTIME_ERROR("Number of characters written exceeds the INT_MAX");
+        return NULL;
+    }
 
     /* If there isn't a decimal point in the output and the output
      * only consists of digits, then append .0 */