diff -urN xv-3.10a-orig/xv.c xv-3.10a/xv.c --- xv-3.10a-orig/xv.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xv.c 2022-04-05 17:24:02 +0900 @@ -2466,7 +2466,7 @@ if (filetype == RFT_ERROR) { char foostr[512]; - sprintf(foostr,"Can't open file '%s'\n\n %s.",filename, ERRSTR(errno)); + snprintf(foostr, sizeof(foostr), "Can't open file '%s'\n\n %s.",filename, ERRSTR(errno)); if (!polling) ErrPopUp(foostr, "\nBummer!"); @@ -3333,7 +3333,7 @@ strcat(namez,".Z"); if (rename(name, namez) < 0) { - sprintf(buf, "Error renaming '%s' to '%s': %s", + snprintf(buf, sizeof(buf), "Error renaming '%s' to '%s': %s", name, namez, ERRSTR(errno)); ErrPopUp(buf, "\nBummer!"); return 0; @@ -3392,7 +3392,7 @@ if (strlen(namez)) { if (rename(namez, name) < 0) { - sprintf(buf, "Error renaming '%s' to '%s': %s", + snprintf(buf, sizeof(buf), "Error renaming '%s' to '%s': %s", namez, name, ERRSTR(errno)); ErrPopUp(buf, "\nBummer!"); } @@ -3621,11 +3621,11 @@ strcat(fullcmd, tmpname); /* execute the command */ - sprintf(str, "Doing command: '%s'", fullcmd); + snprintf(str, sizeof(str), "Doing command: '%s'", fullcmd); OpenAlert(str); i = system(fullcmd); if (i) { - sprintf(str, "Unable to complete command:\n %s\n\n exit status: %d", + snprintf(str, sizeof(str), "Unable to complete command:\n %s\n\n exit status: %d", fullcmd, i); CloseAlert(); ErrPopUp(str, "\nThat Sucks!"); @@ -4003,20 +4003,20 @@ char winname[256], iconname[256]; if (winTitle) { - strcpy(winname, winTitle); - strcpy(iconname, winTitle); + snprintf(winname, sizeof(winname), "%s", winTitle); + snprintf(iconname, sizeof(iconname), "%s", winTitle); } else if (name[0] == '\0') { - sprintf(winname, "xv %s",VERSTR); - sprintf(iconname,"xv"); + snprintf(winname, sizeof(winname), "xv %s",VERSTR); + snprintf(iconname, sizeof(iconname), "xv"); } else { - sprintf(winname,"xv %s: %s", VERSTR, name); - sprintf(iconname,"%s",name); + snprintf(winname, sizeof(winname), "xv %s: %s", VERSTR, name); + snprintf(iconname, sizeof(iconname), "%s",name); } #ifndef REGSTR - strcat(winname, " "); + snprintf(winname+strlen(winname), sizeof(winname)-strlen(winname), " "); #endif if (mainW) { @@ -4277,7 +4277,7 @@ delnum = nList.selected; if (delnum < 0 || delnum >= numnames) return 0; - sprintf(str, "Delete '%s'?\n\n%s%s", namelist[delnum], + snprintf(str, sizeof(str), "Delete '%s'?\n\n%s%s", namelist[delnum], "'List Entry' deletes selection from list.\n", "'Disk File' deletes file associated with selection."); @@ -4296,7 +4296,7 @@ i = unlink(name); if (i) { - sprintf(str,"Can't delete file '%s'\n\n %s.", name, ERRSTR(errno)); + snprintf(str, sizeof(str), "Can't delete file '%s'\n\n %s.", name, ERRSTR(errno)); ErrPopUp(str, "\nPity"); if (name != namelist[delnum]) free(name); return 0; diff -urN xv-3.10a-orig/xvcut.c xv-3.10a/xvcut.c --- xv-3.10a-orig/xvcut.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvcut.c 2022-04-05 17:17:15 +0900 @@ -802,7 +802,7 @@ fp = fopen(clipfname, "r"); if (!fp) { unlink(clipfname); - sprintf(str, "Can't read clipboard file '%s'\n\n %s.", + snprintf(str, sizeof(str), "Can't read clipboard file '%s'\n\n %s.", clipfname, ERRSTR(errno)); ErrPopUp(str,"\nBletch!"); return (byte *) NULL; @@ -812,7 +812,7 @@ if (fread((char *) lbuf, (size_t) 1, (size_t) 4, fp) != 4) { fclose(fp); unlink(clipfname); - sprintf(str, "Error occurred while reading clipboard file.\n\n %s.", + snprintf(str, sizeof(str), "Error occurred while reading clipboard file.\n\n %s.", ERRSTR(errno)); ErrPopUp(str,"\nGlork!"); return (byte *) NULL; @@ -840,7 +840,7 @@ fclose(fp); free(data); unlink(clipfname); - sprintf(str, "Error occurred while reading clipboard file.\n\n %s.", + snprintf(str, sizeof(str), "Error occurred while reading clipboard file.\n\n %s.", ERRSTR(errno)); ErrPopUp(str,"\nNertz!"); return (byte *) NULL; @@ -905,7 +905,7 @@ fp = fopen(clipfname, "w"); if (!fp) { unlink(clipfname); - sprintf(str, "Can't write clipboard file '%s'\n\n %s.", + snprintf(str, sizeof(str), "Can't write clipboard file '%s'\n\n %s.", clipfname, ERRSTR(errno)); ErrPopUp(str,"\nBletch!"); return; @@ -914,7 +914,7 @@ if (fwrite((char *) cimg, (size_t) 1, (size_t) len, fp) != len) { fclose(fp); unlink(clipfname); - sprintf(str, "Error occurred while writing to clipboard file.\n\n %s.", + snprintf(str, sizeof(str), "Error occurred while writing to clipboard file.\n\n %s.", ERRSTR(errno)); ErrPopUp(str,"\nGlork!"); return; diff -urN xv-3.10a-orig/xvevent.c xv-3.10a/xvevent.c --- xv-3.10a-orig/xvevent.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvevent.c 2022-04-05 17:13:12 +0900 @@ -1198,6 +1198,7 @@ SetDirSaveMode(F_FORMAT, F_PS); SetDirSaveMode(F_COLORS, i); + if (strlen(printCmd)+3 > sizeof(str)) FatalError("print command buffer overflow"); if (printCmd[0] != '|' && printCmd[0] != '!') sprintf(str, "| %s", printCmd); else strcpy(str, printCmd); diff -urN xv-3.10a-orig/xvgif.c xv-3.10a/xvgif.c --- xv-3.10a-orig/xvgif.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvgif.c 2022-04-05 17:11:16 +0900 @@ -441,7 +441,7 @@ unlink(pinfo->pagebname); /* no errors during testing */ } } - sprintf(tmpname, "%s%d", pinfo->pagebname, pinfo->numpages); + snprintf(tmpname, sizeof(tmpname), "%s%d", pinfo->pagebname, pinfo->numpages); fp = xv_fopen(tmpname, "w"); if (!fp) { ErrPopUp("LoadGIF: Unable to open temp file", "\nDang!"); @@ -505,7 +505,7 @@ /* write the last page temp file */ int numpages = pinfo->numpages; char *comment = pinfo->comment; - sprintf(tmpname, "%s%d", pinfo->pagebname, pinfo->numpages); + snprintf(tmpname, sizeof(tmpname), "%s%d", pinfo->pagebname, pinfo->numpages); fp = xv_fopen(tmpname, "w"); if (!fp) { ErrPopUp("LoadGIF: Unable to open temp file", "\nDang!"); @@ -522,7 +522,7 @@ pinfo->pic = (byte *) NULL; /* load the first page temp file */ - sprintf(tmpname, "%s%d", pinfo->pagebname, 1); + snprintf(tmpname, sizeof(tmpname), "%s%d", pinfo->pagebname, 1); i = LoadGIF(tmpname, pinfo); pinfo->numpages = numpages; pinfo->comment = comment; diff -urN xv-3.10a-orig/xvimage.c xv-3.10a/xvimage.c --- xv-3.10a-orig/xvimage.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvimage.c 2022-04-05 17:10:31 +0900 @@ -3015,7 +3015,7 @@ #ifndef VMS - sprintf(fname, "%s/xvXXXXXX", tmpdir); + snprintf(fname, sizeof(fname), "%s/xvXXXXXX", tmpdir); #else strcpy(fname, "Sys$Disk:[]xvuXXXXXX"); #endif @@ -3318,7 +3318,7 @@ readname = uncompname; } else { - sprintf(errstr, "Error: Couldn't uncompress file '%s'", name); + snprintf(errstr, sizeof(errstr), "Error: Couldn't uncompress file '%s'", name); ErrPopUp(errstr, "\nOk"); return 0; } @@ -3326,12 +3326,12 @@ if (ftype == RFT_ERROR) { - sprintf(errstr, "Couldn't open file '%s'\n\n %s.", name, ERRSTR(errno)); + snprintf(errstr, sizeof(errstr), "Couldn't open file '%s'\n\n %s.", name, ERRSTR(errno)); ErrPopUp(errstr, "\nOk"); return 0; } else if (ftype == RFT_UNKNOWN) { - sprintf(errstr, "Error: File '%s' not in a recognized format.", name); + snprintf(errstr, sizeof(errstr), "Error: File '%s' not in a recognized format.", name); ErrPopUp(errstr, "\nOk"); return 0; } @@ -3344,7 +3344,7 @@ if (pinfo->pic) free(pinfo->pic); if (pinfo->comment) free(pinfo->comment); } - sprintf(errstr, "Couldn't load file '%s'.", name); + snprintf(errstr, sizeof(errstr), "Couldn't load file '%s'.", name); ErrPopUp(errstr, "\nOk"); return 0; } diff -urN xv-3.10a-orig/xvps.c xv-3.10a/xvps.c --- xv-3.10a-orig/xvps.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvps.c 2022-04-05 17:05:48 +0900 @@ -1598,10 +1598,10 @@ /* build 'gscmd' string */ #ifndef VMS /* VMS needs quotes around mixed case command lines */ - sprintf(gscmd, "%s -sDEVICE=%s -r%d -q -dSAFER -dNOPAUSE -sOutputFile=%s%%d ", + snprintf(gscmd, sizeof(gscmd), "%s -sDEVICE=%s -r%d -q -dSAFER -dNOPAUSE -sOutputFile=%s%%d ", GS_PATH, gsDev, gsRes, tmpname); #else - sprintf(gscmd, + snprintf(gscmd, sizeof(gscmd), "%s \"-sDEVICE=%s\" -r%d -q \"-dNOPAUSE\" \"-sOutputFile=%s%%d\" ", GS_PATH, gsDev, gsRes, tmpname); #endif @@ -1613,21 +1613,21 @@ # else sprintf(tmp, "\"-I%s\" ", GS_LIB); # endif - strcat(gscmd, tmp); + snprintf(gscmd+strlen(gscmd), sizeof(gscmd)-strlen(gscmd), "%s", tmp); #endif /* prevent some potential naughtiness... */ #ifndef VMS - strcat(gscmd, "-dSAFER "); + snprintf(gscmd+strlen(gscmd), sizeof(gscmd)-strlen(gscmd), "%s", "-dSAFER "); #else - strcat(gscmd, "\"-dSAFER\" "); + snprintf(gscmd+strlen(gscmd), sizeof(gscmd)-strlen(gscmd), "%s", "\"-dSAFER\" "); #endif if (gsGeomStr) { sprintf(tmp, "-g%s ", gsGeomStr); - strcat(gscmd, tmp); + snprintf(gscmd+strlen(gscmd), sizeof(gscmd)-strlen(gscmd), "%s", tmp); } @@ -1695,7 +1695,7 @@ as it won't be needed. */ - sprintf(tmp, "%s%d", tmpname, 1); + snprintf(tmp, sizeof(tmp), "%s%d", tmpname, 1); filetype = ReadFileType(tmp); if (filetype == RFT_ERROR || filetype == RFT_UNKNOWN || @@ -1721,7 +1721,7 @@ /* SUCCESS! */ if (nump>1) { - strcpy(pinfo->pagebname, tmpname); + snprintf(pinfo->pagebname, sizeof(pinfo->pagebname), "%s", tmpname); } pinfo->numpages = nump; diff -urN xv-3.10a-orig/xvtext.c xv-3.10a/xvtext.c --- xv-3.10a-orig/xvtext.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvtext.c 2022-04-05 17:04:09 +0900 @@ -416,7 +416,7 @@ fp = fopen(rfname, "r"); if (!fp) { - sprintf(buf,"Couldn't open '%s': %s", rfname, ERRSTR(errno)); + snprintf(buf, sizeof(buf),"Couldn't open '%s': %s", rfname, ERRSTR(errno)); ErrPopUp(buf,"\nOh well"); return FALSE; } @@ -427,7 +427,7 @@ fseek(fp, 0L, 0); if (!textlen) { - sprintf(buf, "File '%s' contains no data. (Zero length file.)", rfname); + snprintf(buf, sizeof(buf), "File '%s' contains no data. (Zero length file.)", rfname); ErrPopUp(buf, "\nOk"); fclose(fp); return FALSE; @@ -435,7 +435,7 @@ text = (char *) malloc((size_t) textlen + 1); if (!text) { - sprintf(buf, "Couldn't malloc %ld bytes to read file '%s'", + snprintf(buf, sizeof(buf), "Couldn't malloc %ld bytes to read file '%s'", textlen, rfname); ErrPopUp(buf, "\nSo what!"); fclose(fp); @@ -443,7 +443,7 @@ } if (fread(text, (size_t) 1, (size_t) textlen, fp) != textlen) { - sprintf(buf, "Warning: Couldn't read all of '%s'. Possibly truncated.", + snprintf(buf, sizeof(buf), "Warning: Couldn't read all of '%s'. Possibly truncated.", rfname); ErrPopUp(buf, "\nHmm..."); } @@ -453,7 +453,7 @@ fclose(fp); - sprintf(title, "File: '%s'", BaseName(fname)); + snprintf(title, sizeof(title), "File: '%s'", BaseName(fname)); OpenTextView(text, (int) textlen, title, 1); /* note: text gets freed when window gets closed */ @@ -545,9 +545,9 @@ tv->freeonclose = 0; if (strlen(fullfname)) - sprintf(tv->title, "File: '%s'", BaseName(fullfname)); + snprintf(tv->title, sizeof(tv->title), "File: '%s'", BaseName(fullfname)); else - sprintf(tv->title, ""); + snprintf(tv->title, sizeof(tv->title), ""); computeText(tv); /* compute # lines and linestarts array */ @@ -2263,7 +2263,7 @@ else y = 5 + LINEHIGH * 7 + SPACING * 3; - sprintf(buf, "Designation for G%d:", i + 1); + snprintf(buf, sizeof(buf), "Designation for G%d:", i + 1); DrawString(cs->win, x, y + ASCENT, buf); LSCreate(&cs->ls[i], cs->win, x + 15, y + LINEHIGH, @@ -2576,7 +2576,7 @@ else y = 5 + LINEHIGH * 7 + SPACING * 3; - sprintf(buf, "Designation for G%d:", i); + snprintf(buf, sizeof(buf), "Designation for G%d:", i); DrawString(cs->win, x, y + ASCENT, buf); } diff -urN xv-3.10a-orig/xvtiff.c xv-3.10a/xvtiff.c --- xv-3.10a-orig/xvtiff.c 2022-04-05 16:54:32 +0900 +++ xv-3.10a/xvtiff.c 2022-04-05 17:02:36 +0900 @@ -520,11 +520,11 @@ char *cp = buf; if (module != NULL) { - sprintf(cp, "%s: ", module); + snprintf(cp, sizeof(buf)-1-(cp-buf), "%s: ", module); cp = (char *) index(cp, '\0'); } - vsprintf(cp, fmt, ap); + vsnprintf(cp, sizeof(buf)-1-(cp-buf), fmt, ap); strcat(cp, "."); SetISTR(ISTR_WARNING, "%s", buf); @@ -543,12 +543,12 @@ char *cp = buf; if (module != NULL) { - sprintf(cp, "%s: ", module); + snprintf(cp, sizeof(buf)-1-(cp-buf), "%s: ", module); cp = (char *) index(cp, '\0'); } - strcpy(cp, "Warning, "); + snprintf(cp, sizeof(buf)-1-(cp-buf), "%s", "Warning, "); cp = (char *) index(cp, '\0'); - vsprintf(cp, fmt, ap); + vsnprintf(cp, sizeof(buf)-1-(cp-buf), fmt, ap); strcat(cp, "."); SetISTR(ISTR_WARNING, "%s", buf); diff -urN xv-3.10a-orig/xvvd.c xv-3.10a/xvvd.c --- xv-3.10a-orig/xvvd.c 2007-04-16 13:30:19 +0900 +++ xv-3.10a/xvvd.c 2022-04-05 17:00:45 +0900 @@ -112,7 +112,7 @@ if (Mkvdir(dir) == VD_ERR) return -1; - strcpy(buf, dir); + snprintf(buf, sizeof(buf), "%s", dir); Dirtovd(buf); return (chdir(buf)); @@ -148,7 +148,7 @@ if (!strncmp(dir, vdtable[i], strlen(vdtable[i]))) { char tmp[MAXPATHLEN+1]; - sprintf(tmp, "%s%s", vdroot, dir); + snprintf(tmp, sizeof(tmp), "%s%s", vdroot, dir); strcpy(dir, tmp); Dirtovd(dir); } @@ -169,9 +169,9 @@ char tmp[MAXPATHLEN+1]; for (i = vdcount-1; i >= 0; i--) { - sprintf(tmp, "%s%s", vdroot, vdtable[i]); + snprintf(tmp, sizeof(tmp), "%s%s", vdroot, vdtable[i]); if(!strncmp(vd, tmp, strlen(tmp))) { - strcpy(tmp, vd+strlen(vdroot)); + snprintf(tmp, sizeof(tmp), "%s", vd+strlen(vdroot)); strcpy(vd, tmp); Vdtodir(vd); } @@ -185,7 +185,7 @@ Dirtovd(dir); - strcpy(tmp, dir+strlen(vdroot)); + snprintf(tmp, sizeof(tmp), "%s", dir+strlen(vdroot)); if (Isarchive(tmp)) strcpy(dir, tmp); @@ -216,7 +216,7 @@ mask = sigblock(sigmask(SIGHUP)|sigmask(SIGCHLD)); #endif - strcpy(dir1, dir); + snprintf(dir1, sizeof(dir1), "%s", dir); vd_optimize_path(dir1); if ((rv = vd_Mkvdir(dir1)) != VD_ERR) @@ -259,7 +259,7 @@ struct stat st; FILE *pfp; - strcpy(dir1, dir); + snprintf(dir1, sizeof(dir1), "%s", dir); Dirtovd(dir1); strcpy(dir2, dir1); @@ -297,13 +297,13 @@ xv_getwd(origdir, MAXPATHLEN+1); - sprintf(tmp, "%s%s", vdroot, dir2); + snprintf(tmp, sizeof(tmp), "%s%s", vdroot, dir2); if (vd_recursive_mkdir(tmp) || chdir(tmp)) { SetISTR(ISTR_INFO, "fail to make virtual directory."); Warning(); goto VD_MKVDIR_ERR; } - sprintf(buf, ext_command[ftype], dir1); + snprintf(buf, sizeof(buf), ext_command[ftype], dir1); WaitCursor(); @@ -358,7 +358,7 @@ return; } - sprintf(tmp, "%s%s", vdroot, dir); + snprintf(tmp, sizeof(tmp), "%s%s", vdroot, dir); if (vd_recursive_mkdir(tmp)) { SetISTR(ISTR_INFO, "Failed to make virtual directory."); Warning(); @@ -382,7 +382,7 @@ int rv; char buf[MAXPATHLEN+1]; - strcpy(buf, dir); + snprintf(buf, sizeof(buf), "%s", dir); vd_optimize_path(buf); rv = vd_Rmvdir(buf); @@ -398,7 +398,7 @@ for(i = 0; i < vdcount; i++) if (!strncmp(dir, vdtable[i], strlen(dir))) { - sprintf(tmp, "%s%s", vdroot, vdtable[i]); + snprintf(tmp, sizeof(tmp), "%s%s", vdroot, vdtable[i]); if (vd_Rmvdir(tmp)) return 1; if (vd_recursive_rmdir(tmp)) @@ -421,10 +421,10 @@ /* char sbuf[MAXPATHLEN+1], dbuf[MAXPATHLEN+1]; - strcpy(sbuf, src); + snprintf(sbuf, sizeof(sbuf), "%s", src); vd_optimize_path(sbuf); - strcpy(dbuf, dst); + snprintf(dbuf, sizeof(dbuf), "%s", dst); vd_optimize_path(dbuf); return (vd_Movevdir(sbuf, dbuf)); @@ -441,9 +441,9 @@ for (i = 0; i < vdcount; i++) if (!strncmp(src, vdtable[i], strlen(src))) { - sprintf(tmps, "%s%s", vdroot, vdtable[i]); - sprintf(tmp, "%s%s", dst, vdtable[i]+strlen(src)); - sprintf(tmpd, "%s%s", vdroot, tmp); + snprintf(tmps, sizeof(tmps), "%s%s", vdroot, vdtable[i]); + snprintf(tmp, sizeof(tmp), "%s%s", dst, vdtable[i]+strlen(src)); + snprintf(tmpd, sizeof(tmpd), "%s%s", vdroot, tmp); if (vd_Movevdir(tmps, tmpd)) return 1; @@ -517,7 +517,7 @@ char buf[MAXPATHLEN+1], *p; struct stat st; - strcpy(buf, dir); + snprintf(buf, sizeof(buf), "%s", dir); if (buf[strlen(buf) - 1] == '/') buf[strlen(buf) - 1] = '\0'; @@ -543,7 +543,7 @@ DIR *dp; struct dirent *di; - strcpy(buf, dir); + snprintf(buf, sizeof(buf), "%s", dir); if (buf[strlen(buf) - 1] == '/') buf[strlen(buf) - 1] = '\0'; @@ -557,7 +557,7 @@ if (!strcmp(di->d_name, ".") || !strcmp(di->d_name, "..")) continue; - sprintf(buf2, "%s/%s", dir, di->d_name); + snprintf(buf2, sizeof(buf2), "%s/%s", dir, di->d_name); stat(buf2, &st); if (S_ISDIR(st.st_mode)) { @@ -606,8 +606,8 @@ char tmp1[MAXPATHLEN+1], tmp2[MAXPATHLEN+1]; int archive1, archive2; - strcpy(tmp1, path); - strcpy(tmp2, path); + snprintf(tmp1, sizeof(tmp1), "%s", path); + snprintf(tmp2, sizeof(tmp2), "%s", path); vd_optimize_path(tmp1); Dirtovd(tmp2); @@ -619,7 +619,7 @@ char tmp3[MAXPATHLEN+1], tmp4[MAXPATHLEN+1]; int archive3, archive4; - sprintf(tmp3, "%s%s", vdroot, tmp1); + snprintf(tmp3, sizeof(tmp3), "%s%s", vdroot, tmp1); strcpy(tmp4, tmp2+strlen(vdroot)); archive3 = Isarchive(tmp3); @@ -663,7 +663,7 @@ if (*path != '/') { char tmp[MAXPATHLEN+1]; - strcpy(tmp, path); + snprintf(tmp, sizeof(tmp), "%s", path); xv_getwd(path, MAXPATHLEN+1); strcat(path, "/"); strcat(path, tmp); @@ -848,11 +848,10 @@ if (strlen(name) >= (size_t) 2 && strcmp(name + strlen(name)-2,".Z")!=0 && strcmp(name + strlen(name)-2,".z")!=0) { - strcpy(namez, name); - strcat(namez,".Z"); + snprintf(namez, sizeof(namez), "%s.Z", name); if (rename(name, namez) < 0) { - sprintf(buf, "Error renaming '%s' to '%s': %s", + snprintf(buf, sizeof(buf), "Error renaming '%s' to '%s': %s", name, namez, ERRSTR(errno)); ErrPopUp(buf, "\nBummer!"); return 0; @@ -862,14 +861,14 @@ } #endif /* not GUNZIP */ - sprintf(uncompname, "%s/xvuXXXXXX", tmpdir); + snprintf(uncompname, sizeof(uncompname), "%s/xvuXXXXXX", tmpdir); #ifdef USE_MKSTEMP tmpfd = mkstemp(uncompname); #else mktemp(uncompname); #endif - sprintf(buf,"%s -c %s", UNCOMPRESS, fname); + snprintf(buf, sizeof(buf), "%s -c %s", UNCOMPRESS, fname); SetISTR(ISTR_INFO, "Uncompressing Header '%s'...", BaseName(fname)); if ((pfp = popen_nul(buf, "r")) == NULL) { SetISTR(ISTR_INFO, "Cannot extract for archive '%s'.", @@ -921,7 +920,7 @@ if (strlen(namez)) { if (rename(namez, name) < 0) { - sprintf(buf, "Error renaming '%s' to '%s': %s", + snprintf(buf, sizeof(buf), "Error renaming '%s' to '%s': %s", namez, name, ERRSTR(errno)); ErrPopUp(buf, "\nBummer!"); }