Description
Passing a large floating point value, or a large precision, to String::String(float value, unsigned char decimalPlaces) causes a stack smash.
Any one of these lines, individually, in any context, will do it:
String s = String(1e31f, 0);
String s = String(-1.0f, 30);
String s = String(0.0f, 31);
The problem is in WString.cpp which uses a buffer of length 33 char buf[33] Since FLT_MAX is 3.4e38, 33 bytes is not enough. Furthermore, there is no limit on the precision value that can be passed through to dtostrf(), so you can crash it either with large floating point values or large precision numbers.
To fix it without going into dtostrf(), you would have to both increase the buffer size to around 80 - accounting for possible minus sign, decimal point, 39 predecimal digits, 38 postdecimal digits, and null terminator, and also limit the number of decimal places to 38.
The problem is even worse with the version of String whose argument is double; there the buffer size would need to be about 620.