Fix crash when sprintf width argument overflows u64

Given "printf %18446744073709551616s", we parse the number only in
the printf crate, which tells us that we overflowed somwhere (but
not where exactly).

src/builtins/printf.rs

@@ -239,6 +239,13 @@ impl<'a, 'b> builtin_printf_state_t<'a, 'b> {
         }
     }
 
+    fn handle_sprintf_error(&mut self, err: fish_printf::Error) {
+        match err {
+            fish_printf::Error::Overflow => self.fatal_error(wgettext!("Number out of range")),
+            _ => panic!("unhandled error: {err:?}"),
+        }
+    }
+
     /// Evaluate a printf conversion specification.  SPEC is the start of the directive, and CONVERSION
     /// specifies the type of conversion.  SPEC does not include any length modifier or the
     /// conversion specifier itself.  FIELD_WIDTH and PRECISION are the field width and
@@ -268,7 +275,7 @@ impl<'a, 'b> builtin_printf_state_t<'a, 'b> {
                         $fmt,
                         &self.locale,
                         &mut [$($arg.to_arg()),*]
-                    ).expect("sprintf failed");
+                    ).err().map(|err| self.handle_sprintf_error(err));
                 }
             }
         }

tests/checks/printf.fish

@@ -151,3 +151,6 @@ echo
 # This is how mc likes to encode the directory we should cd to.
 printf '%b\n' '\0057foo\0057bar\0057'
 # CHECK: /foo/bar/
+
+printf %18446744073709551616s
+# CHECKERR: Number out of range