--- trunk/src/dec_prom.c	2007/10/08 16:18:11	6
+++ trunk/src/dec_prom.c	2007/10/08 16:18:27	10
@@ -25,7 +25,7 @@
  *  SUCH DAMAGE.
  *
  *
- *  $Id: dec_prom.c,v 1.58 2005/05/15 01:55:49 debug Exp $
+ *  $Id: dec_prom.c,v 1.60 2005/06/26 11:36:28 debug Exp $
  *
  *  DECstation PROM emulation.
  */
@@ -363,7 +363,8 @@
 
 				switch (ch) {
 				case '%':
-					strcpy(printfbuf, "%%");
+					strlcpy(printfbuf, "%%",
+					    sizeof(printfbuf));
 					break;
 				case 'c':
 				case 'd':
@@ -375,7 +376,8 @@
 						/*  Linux booters seem to go
 						    over the edge sometimes: */
 						ch = '\0';
-						strcpy(printfbuf, "[...]\n");
+						strlcpy(printfbuf, "[...]\n",
+						    sizeof(printfbuf));
 #else
 						printf("[ decstation_prom_emul"
 						    "(): too many arguments ]");
@@ -391,15 +393,16 @@
 
 					switch (ch) {
 					case 'c':
-						sprintf(printfbuf, "%c", ch2);
+						snprintf(printfbuf, sizeof(
+						    printfbuf), "%c", ch2);
 						break;
 					case 'd':
-						sprintf(printfbuf, "%d",
-						    argdata);
+						snprintf(printfbuf, sizeof(
+						    printfbuf), "%d", argdata);
 						break;
 					case 'x':
-						sprintf(printfbuf, "%x",
-						    argdata);
+						snprintf(printfbuf, sizeof(
+						    printfbuf), "%x", argdata);
 						break;
 					case 's':
 						/*  Print a "%s" string.  */
@@ -432,7 +435,8 @@
 			case '\0':
 				break;
 			default:
-				sprintf(printfbuf, "%c", ch);
+				snprintf(printfbuf, sizeof(printfbuf),
+				    "%c", ch);
 			}
 
 			printfbuf[sizeof(printfbuf)-1] = '\0';