Fix buffer overrun in `make_float()`

Fixes #2220

CHANGELOG.md

@@ -35,6 +35,13 @@ HEAD
 > + doc["strings"] = JsonString("hello\0world", 11)
 > ```
 
+v7.4.3 (2026-03-02)
+------
+
+* Fix a buffer overrun in `as<T>()` when `T` is a numeric type and
+  the variant contains a string representing a floating point number
+  with a large number of digits (issue #2220)
+
 v7.4.2 (2025-06-20)
 ------
 

extras/tests/Numbers/parseDouble.cpp

@@ -93,4 +93,34 @@ TEST_CASE("parseNumber<double>()") {
     checkDoubleNaN("NaN");
     checkDoubleNaN("nan");
   }
+
+  SECTION("Overflow exponent with decimal part") {  // Issue #2220
+    checkDoubleNaN(
+        "0.000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000001");
+  }
+
+  SECTION("Overflow exponent with integral part") {
+    checkDoubleNaN(
+        "10000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000000000000000000000");
+  }
 }

src/ArduinoJson/Numbers/FloatTraits.hpp

@@ -198,10 +198,13 @@ inline TFloat make_float(TFloat m, TExponent e) {
 
   auto powersOfTen = e > 0 ? traits::positiveBinaryPowersOfTen()
                            : traits::negativeBinaryPowersOfTen();
+
   if (e <= 0)
     e = TExponent(-e);
 
   for (uint8_t index = 0; e != 0; index++) {
+    if (index >= powersOfTen.size())
+      return traits::nan();
     if (e & 1)
       m *= powersOfTen[index];
     e >>= 1;