fix: cap format string precision to prevent memory exhaustion

ext/formatting.go

@@ -870,6 +870,8 @@ func parseFormattingClause(formatStr string, callback formatStringInterpolator)
 	}
 }
 
+const maxPrecision = 1000
+
 func parsePrecision(formatStr string) (int, *int, error) {
 	i := 0
 	if formatStr[i] != '.' {
@@ -891,6 +893,9 @@ func parsePrecision(formatStr string) (int, *int, error) {
 	if err != nil {
 		return -1, nil, fmt.Errorf("error while converting precision to integer: %w", err)
 	}
+	if precision > maxPrecision {
+		return -1, nil, fmt.Errorf("precision %d exceeds maximum allowed precision %d", precision, maxPrecision)
+	}
 	return i, &precision, nil
 }
 

ext/formatting_v2.go

@@ -784,5 +784,8 @@ func parsePrecisionV2(formatStr string) (int, int, error) {
 	if precision < 0 {
 		return -1, -1, fmt.Errorf("negative precision: %d", precision)
 	}
+	if precision > maxPrecision {
+		return -1, -1, fmt.Errorf("precision %d exceeds maximum allowed precision %d", precision, maxPrecision)
+	}
 	return i, precision, nil
 }