Subject: Re: lib/35401
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: David Laight <david@l8s.co.uk>
List: netbsd-bugs
Date: 01/15/2007 21:15:04
The following reply was made to PR lib/35401; it has been noted by GNATS.

From: David Laight <david@l8s.co.uk>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: lib/35401
Date: Mon, 15 Jan 2007 21:12:29 +0000

 On Mon, Jan 15, 2007 at 02:20:02PM +0000, Christian Biere wrote:
 > The following reply was made to PR lib/35401; it has been noted by GNATS.
 > 
 > From: Christian Biere <christianbiere@gmx.de>
 > To: gnats-bugs@NetBSD.org, netbsd-bugs@netbsd.org
 > Cc: 
 > Subject: Re: lib/35401
 > Date: Mon, 15 Jan 2007 15:23:54 +0100
 > 
 >  David Laight wrote:
 >  > On Sun, Jan 14, 2007 at 11:35:02PM +0000, Christian Biere wrote:
 >  > >  
 >  > >  Should I commit or are there any objections?
 >   
 >  > Yes - printf is too slow already and you've just made it a lot slower.
 >  
 >  I suspect you're referring to add_digit() when you say "a lot". This
 >  variant should be a bit faster:
 
 I was thinking of the cost of the call, not the contents of it!
 Not to mention all the other tests you are adding.
 Looking more closely the function itself also doesn't work.
 The 'a + b < a' test doesn't work for multiplication.
 
 Also you only need to test for 'stupid' values, you don't need conversions
 that generate INT_MAX (etc).  Any numeric conversion > (say) 100kB is
 clearly nonsense - whether it came from the format string itself or a "%*".
 Overlong string conversions might need more care, but you still don't need
 'exact' tests.
 
 Even failing the conversion could be troublesome with code that (for
 example) expects asprintf() never to return NULL, or snprintf() to return
 a +ve number.
 
 In any case, programs that allow 'broken' format strings to be supplied
 are MUCH more likely to be compromised by "%n", so checking anything other
 than "%*" is totally pointless.
 
 Oh - and we don't do 'if ('0' == ch)' it is too ugly...
 
 	David
 
 -- 
 David Laight: david@l8s.co.uk
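
Added example, not part of the message above and not the patch from the PR: it shows an 'a + b < a' style test missing a wrap in the multiply step of decimal width accumulation, next to a coarse cap that needs no exact test. The names naive_step, bounded_step, parse_width and WIDTH_LIMIT are hypothetical, the digit string is constructed, and add_digit() from the PR is not reproduced here.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap, after the "> (say) 100kB is clearly nonsense" remark. */
#define WIDTH_LIMIT (100u * 1024u)

/* 'a + b < a' style test applied to acc * 10 + d; returns 1 if it saw a wrap. */
static int naive_step(uint32_t *acc, uint32_t d)
{
	uint32_t r = *acc * 10u + d;	/* wraps modulo 2^32 */
	if (r < *acc)
		return 1;
	*acc = r;
	return 0;
}

/* Bounded accumulation: the value stops growing once it passes the cap,
 * so the multiplication never gets near 2^32 and no exact test is needed. */
static int bounded_step(uint32_t *acc, uint32_t d)
{
	if (*acc > WIDTH_LIMIT)
		return 1;
	*acc = *acc * 10u + d;
	return *acc > WIDTH_LIMIT;
}

/* Accumulate a run of decimal digits; returns 1 if any step was rejected. */
static int parse_width(const char *s, int (*step)(uint32_t *, uint32_t),
    uint32_t *out)
{
	uint32_t acc = 0;
	int bad = 0;
	for (; *s >= '0' && *s <= '9'; s++)
		bad |= step(&acc, (uint32_t)(*s - '0'));
	*out = acc;
	return bad;
}

int main(void)
{
	const char *w = "8589934590";	/* constructed: 858993459 * 10 wraps to 2^32 - 2 */
	uint32_t v;
	int r = parse_width(w, naive_step, &v);
	printf("naive:   rejected=%d value=%u\n", r, (unsigned)v);
	r = parse_width(w, bounded_step, &v);
	printf("bounded: rejected=%d value=%u\n", r, (unsigned)v);
	return 0;
}
```

The naive variant accepts the constructed width because the wrapped product is still larger than the previous accumulator; the bounded variant rejects it at the sixth digit.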