
Author tmick
Date 2000-06-07.02:40:50
Content
This patch fixes the string formatting overflow problem. It tries to do a
little better than MAL's magic number (50) check.


[Tim P on MAL's original patch]
> but I'll join Fred in objecting to the code
> it's mimicking:  not only do magic numbers suck, but these particular magic
> numbers implicitly rely on PyString_Format's tmpbuf vector being declared of
> another magical size larger than them.  As usual, flaky code gets flakier.

My patch still uses the magic number for the temporary buffer. This seems to me
a good practical limit. With the patch this buffer can no longer overflow (as
well, it is faster than malloc'ing a perfectly sized buffer every time).

[MAL]
> A redesign would, of course, use a malloced buffer, the n-variants
> of printf() and add long support ;-) ... maybe for 1.7.

No long support in this patch :(

[Guido on MAL's original patch]
> Having read the patch and the discussion about magic numbers, I agree
> with Marc-Andre: let's apply the quick fix now, worry about
> correctness later.

Maybe this patch is preferable.
History
Date                 User   Action  Args
2007-08-23 14:59:26  admin  link    issue400507 messages
2007-08-23 14:59:26  admin  create