Bounds error with Printf format %a (hexadecimal floating point)

[nsajko]

MRE:

using Printf

function f(n::Int)
    @sprintf(" %a,", BigFloat("0.1", RoundNearest; precision = 2^n))
end

function g(m::Int)
    local ret = String[]
    for n in 6:m
        println(n)
        push!(ret, f(n))
    end
    ret
end

length(g(13))

Example error:

$ ./julia /tmp/mre.jl 
6
7
8
9
10
11
ERROR: LoadError: BoundsError: attempt to access 520-element Vector{UInt8} at index [521]
Stacktrace:
 [1] setindex!
   @ ./array.jl:966 [inlined]
 [2] format
   @ /tmp/julia-1.8.0-beta3/share/julia/stdlib/v1.8/Printf/src/Printf.jl:738 [inlined]
 [3] format(f::Printf.Format{Base.CodeUnits{UInt8, String}, Tuple{Printf.Spec{Val{'a'}}}}, args::BigFloat)
   @ Printf /tmp/julia-1.8.0-beta3/share/julia/stdlib/v1.8/Printf/src/Printf.jl:831
 [4] f
   @ /tmp/mre.jl:4 [inlined]
 [5] g(m::Int64)
   @ Main /tmp/mre.jl:11
 [6] top-level scope
   @ /tmp/mre.jl:16
in expression starting at /tmp/mre.jl:16

Happens with both 1.7.2 and 1.8.0-beta3:

julia> versioninfo()
Julia Version 1.8.0-beta3
Commit 3e092a2521 (2022-03-29 15:42 UTC)
Platform Info:
  OS: Linux (x86_64-pc-linux-gnu)
  CPU: 8 × Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
  WORD_SIZE: 64
  LIBM: libopenlibm
  LLVM: libLLVM-13.0.1 (ORCJIT, skylake)
  Threads: 1 on 8 virtual cores
Environment:
  JULIA_PKG_DEVDIR = /home/nsajko/julia-dev-pkgs

[Seelengrab]

Seems related to the magic numbers of https://github.com/JuliaLang/julia/issues/41649, since that's where the size of the buffer comes from (@quinnj).

(Small nitpick, but it's only a buffer overflow when the out-of-bounds write actually succeeds, which it doesn't here - it's a regular BoundsError due to successful bounds checking.)

[nsajko]

label as bug and display and printing?