@@ -2670,6 +2670,14 @@ to @code{fcvt}.
@safety{@prelim{}@mtsafe{}@assafe{}@acsafe{}}
@c gcvt calls sprintf, that ultimately calls vfprintf, which malloc()s
@c args_value if it's too large, but gcvt never exercises this path.
+@c vfprintf and printf_fp might malloc() other buffers too, but only if
+@c the involved sizes exceeded the alloca limit, but the NDIGIT_MAX
+@c limits ensure any required buffers will be well below the alloca
+@c limit. printf_fp also accesses the locale object, but it
+@c dereferences the locale pointer to a const locale object only once
+@c (due to compiler optimizations over all _NL_CURRENT uses), and it is
+@c called only once by vfprintf with the given format string, so it is
+@c safe even under concurrent locale changes.
@code{gcvt} is functionally equivalent to @samp{sprintf(buf, "%*g",
ndigit, value}. It is provided only for compatibility's sake. It
returns @var{buf}.
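Review bot: the locale part of the added comment (the lines starting "printf_fp also accesses the locale object") rests the safety claim on "compiler optimizations over all _NL_CURRENT uses", which is something the compiler happens to do rather than something the source guarantees, so the MT-safe annotation could silently stop holding with a different compiler or optimization level. Either point to a property of the code itself that ensures the locale pointer is read only once, or word the comment as a conditional so a later reader knows to recheck it. The sentence "but only if the involved sizes exceeded the alloca limit, but the NDIGIT_MAX limits ensure" also chains two "but" clauses and would read better split in two, for example ending the first at "alloca limit." and starting the next with "The NDIGIT_MAX limits ensure". Unrelated to the added lines, the context line `@samp{sprintf(buf, "%*g", ndigit, value}` is missing the closing parenthesis of the sprintf call and could be fixed while touching this entry.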