--- dcraw.c.orig	Thu Sep 15 00:17:59 2005
+++ dcraw.c	Thu Sep 15 00:18:35 2005
@@ -2228,7 +2228,7 @@ void CLASS foveon_interpolate()
     for (j=0; j < 3; j++)
       FORC3 last[i][j] += correct[i][c] * cam_xyz[c][j];
 
-  sprintf (str, "%sRGBNeutral", model2);
+  snprintf (str, sizeof str, "%sRGBNeutral", model2);
   if (foveon_camf_param ("IncludeBlocks", str))
     foveon_fixed (div, 3, str);
   else {
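Review bot: `sizeof str` on the `snprintf` line gives the buffer size only if `str` is declared as a `char` array in `foveon_interpolate`; the declaration is outside this hunk, and if it were a pointer the bound would silently become the pointer size. The `strlcpy`/`snprintf`/`strlcat` hunks below make the same assumption for `make` and `model`, so a comment at those declarations such as `/* must stay arrays: sizeof is used as the copy bound */` would protect later edits. The `snprintf` return value is also unchecked, so a truncated `str` would reach `foveon_camf_param` as a different key; comparing the result against `sizeof str` would make that visible.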
@@ -2598,9 +2598,9 @@ void CLASS bad_pixels()
     if (*cp == '\\') *cp = '/';
 #endif
   cp = fname + strlen(fname);
-  if (cp[-1] == '/') cp--;
+  if (cp[-1] == '/') cp--, *cp = '\0';
   while (*fname == '/') {
-    strcpy (cp, "/.badpixels");
+    strlcat (fname, "/.badpixels", len);
     if ((fp = fopen (fname, "r"))) break;
     if (cp == fname) break;
     while (*--cp != '/');
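Review bot: The `strlcat (fname, "/.badpixels", len)` call inside the `while` loop always appends at the current end of `fname`, whereas the removed `strcpy (cp, ...)` wrote at `cp`, which the loop walks back one directory per pass. After the first failed `fopen` the buffer still ends in `/.badpixels`, so later passes probe `<cwd>/.badpixels/.badpixels` (or a truncated form of it) instead of the parent directories. Truncating at `cp` first restores the upward search: add `*cp = '\0';` as the first statement of the loop body, before the `strlcat`. `len` is not defined in this hunk and is presumably the allocated size of `fname`; the function starts and ends outside the hunk.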
@@ -3530,7 +3530,7 @@ int CLASS parse_tiff_ifd (int base, int 
 	if (level) {
 	  data_offset = ftell(ifp);
 	} else {
-	  strcpy (make, "Leaf");
+	  strlcpy (make, "Leaf", sizeof make);
 	  data_offset = get4();
 	}
 	break;
@@ -3565,7 +3565,7 @@ int CLASS parse_tiff_ifd (int base, int 
 	parse_exif (base);
 	break;
       case 46275:
-	strcpy (make, "Imacon");
+	strlcpy (make, "Imacon", sizeof make);
 	data_offset = ftell(ifp);
 	raw_width = 4090;
 	raw_height = len / raw_width / 2;
@@ -3716,6 +3716,7 @@ void CLASS parse_external_jpeg()
 {
   char *file, *ext, *jname, *jfile, *jext;
   FILE *save=ifp;
+  size_t ifsize;
 
   ext  = strrchr (ifname, '.');
   file = strrchr (ifname, '/');
@@ -3723,13 +3724,15 @@ void CLASS parse_external_jpeg()
   if (!file) file = ifname-1;
   file++;
   if (strlen(ext) != 4 || ext-file != 8) return;
-  jname = malloc (strlen(ifname) + 1);
+  ifsize = strlen(ifname) + 1;
+  jname = malloc (ifsize);
   merror (jname, "parse_external()");
-  strcpy (jname, ifname);
+  strlcpy (jname, ifname, ifsize);
   jfile = file - ifname + jname;
   jext  = ext  - ifname + jname;
   if (strcasecmp (ext, ".jpg")) {
-    strcpy (jext, isupper(ext[1]) ? ".JPG":".jpg");
+    *jext = '\0';
+    strlcat(ifname, isupper(ext[1]) ? ".JPG":".jpg", ifsize);
     memcpy (jfile, file+4, 4);
     memcpy (jfile+4, file, 4);
   } else
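Review bot: The added `strlcat` on the `.JPG`/`.jpg` line appends to `ifname` instead of the `jname` copy, so after `*jext = '\0'` the copy is left with no extension and the input file name becomes the write target. Because `ifsize` is `strlen(ifname) + 1` there is no room left and `ifname` stays unchanged, but the companion JPEG name built in `jname` is then wrong. The destination should be the copy, `strlcat (jname, isupper(ext[1]) ? ".JPG":".jpg", ifsize);`, which fits exactly since the `strlen(ext) != 4` check above guarantees a four-character extension. The function continues past the end of this hunk.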
@@ -3932,8 +3935,8 @@ void CLASS parse_rollei()
   if ((ts = mktime(&t)) > 0)
     timestamp = ts;
   data_offset += tx * ty * 2;
-  strcpy (make, "Rollei");
-  strcpy (model,"d530flex");
+  strlcpy (make, "Rollei", sizeof make);
+  strlcpy (model,"d530flex", sizeof model);
 }
 
 void CLASS parse_mos (int offset)
@@ -4019,14 +4022,14 @@ void CLASS parse_phase_one (int base)
   }
   load_raw = tiff_data_compression < 3 ?
 	phase_one_load_raw:phase_one_load_raw_c;
-  strcpy (make, "Phase One");
+  strlcpy (make, "Phase One", sizeof make);
   if (model[0]) return;
-  sprintf (model, "%dx%d", width, height);
+  snprintf (model, sizeof model,  "%dx%d", width, height);
   switch (raw_height) {
-    case 2060: strcpy (model,"LightPhase");	break;
-    case 2682: strcpy (model,"H 10");		break;
-    case 4128: strcpy (model,"H 20");		break;
-    case 5488: strcpy (model,"H 25");		break;
+    case 2060: strlcpy (model,"LightPhase", sizeof model);	break;
+    case 2682: strlcpy (model,"H 10", sizeof model);		break;
+    case 4128: strlcpy (model,"H 20", sizeof model);		break;
+    case 5488: strlcpy (model,"H 25", sizeof model);		break;
   }
 }
 
@@ -4081,8 +4084,8 @@ void CLASS parse_smal (int offset, int f
   if (ver > 6) data_offset = get4();
   raw_height = height = get2();
   raw_width  = width  = get2();
-  strcpy (make, "SMaL");
-  sprintf (model, "v%d %dx%d", ver, width, height);
+  strlcpy (make, "SMaL", sizeof make);
+  snprintf (model, sizeof model, "v%d %dx%d", ver, width, height);
   if (ver == 6) load_raw = smal_v6_load_raw;
   if (ver == 9) load_raw = smal_v9_load_raw;
 }
@@ -4372,7 +4375,7 @@ void CLASS adobe_coeff()
   char name[130];
   int i, j;
 
-  sprintf (name, "%s %s", make, model);
+  snprintf (name, sizeof name, "%s %s", make, model);
   for (i=0; i < sizeof table / sizeof *table; i++)
     if (!strncmp (name, table[i].prefix, strlen(table[i].prefix))) {
       for (j=0; j < 12; j++)
@@ -4525,14 +4528,14 @@ int CLASS identify (int will_decode)
     order = 0x4949;
     fseek (ifp, 38, SEEK_SET);
     if (get4() == 2834 && get4() == 2834) {
-      strcpy (model, "BMQ");
+      strlcpy (model, "BMQ", sizeof model);
       flip = 3;
       goto nucore;
     }
   } else if (!memcmp (head, "BR", 2)) {
-    strcpy (model, "RAW");
+    strlcpy (model, "RAW", sizeof model);
 nucore:
-    strcpy (make, "Nucore");
+    strlcpy (make, "Nucore", sizeof make);
     order = 0x4949;
     fseek (ifp, 10, SEEK_SET);
     data_offset += get4();
@@ -4544,15 +4547,15 @@ nucore:
       data_offset -= 0x1000;
     }
   } else if (!memcmp (head+25, "ARECOYK", 7)) {
-    strcpy (make, "Contax");
-    strcpy (model,"N Digital");
+    strlcpy (make, "Contax", sizeof make);
+    strlcpy (model,"N Digital", sizeof model);
     fseek (ifp, 33, SEEK_SET);
     get_timestamp(1);
     fseek (ifp, 60, SEEK_SET);
     FORC4 cam_mul[c ^ (c >> 1)] = get4();
   } else if (!strcmp (head, "PXN")) {
-    strcpy (make, "Logitech");
-    strcpy (model,"Fotoman Pixtura");
+    strlcpy (make, "Logitech", sizeof make);
+    strlcpy (model,"Fotoman Pixtura", sizeof model);
   } else if (!memcmp (head, "FUJIFILM", 8)) {
     fseek (ifp, 92, SEEK_SET);
     parse_fuji (get4());
@@ -4570,8 +4573,8 @@ nucore:
   else
     for (i=0; i < sizeof table / sizeof *table; i++)
       if (fsize == table[i].fsize) {
-	strcpy (make,  table[i].make );
-	strcpy (model, table[i].model);
+	strlcpy (make,  table[i].make, sizeof make);
+	strlcpy (model, table[i].model, sizeof model);
 	if (table[i].withjpeg)
 	  parse_external_jpeg();
       }
@@ -4582,7 +4585,7 @@ nucore:
 
   for (i=0; i < sizeof corp / sizeof *corp; i++)
     if (strstr (make, corp[i]))		/* Simplify company names */
-	strcpy (make, corp[i]);
+	strlcpy (make, corp[i], sizeof make);
   if (!strncmp (make,"KODAK",5))
     make[16] = model[16] = 0;
   cp = make + strlen(make);		/* Remove trailing spaces */
@@ -4608,7 +4611,7 @@ nucore:
     xmag = ymag = 1;
   }
   if (dng_version) {
-    strcat (model," DNG");
+    strlcat (model," DNG", sizeof model);
     if (filters == UINT_MAX) filters = 0;
     if (!filters)
       colors = tiff_samples;
@@ -4793,7 +4796,7 @@ canon_cr2:
     pre_mul[2] = 1.018;
   } else if (!strcmp(model,"E995")) {
 cp_e995:
-    strcpy (model, "E995");
+    strlcpy (model, "E995", sizeof model);
     height = 1540;
     width  = 2064;
     colors = 4;
@@ -4807,7 +4810,7 @@ cp_e995:
     pre_mul[2] = 1.040;
   } else if (!strcmp(model,"E2500")) {
 cp_e2500:
-    strcpy (model, "E2500");
+    strlcpy (model, "E2500", sizeof model);
     height = 1204;
     width  = 1616;
     colors = 4;
@@ -4819,11 +4822,11 @@ cp_e2500:
     pre_mul[0] = 1.818;
     pre_mul[2] = 1.618;
     if ((i = nikon_3700()) == 2) {
-      strcpy (make, "OLYMPUS");
-      strcpy (model, "C740UZ");
+      strlcpy (make, "OLYMPUS", sizeof make);
+      strlcpy (model, "C740UZ", sizeof model);
     } else if (i == 0) {
-      strcpy (make, "PENTAX");
-      strcpy (model,"Optio 33WR");
+      strlcpy (make, "PENTAX", sizeof make);
+      strlcpy (model,"Optio 33WR", sizeof model);
       flip = 1;
       filters = 0x16161616;
       pre_mul[0] = 1.331;
@@ -4839,8 +4842,8 @@ cp_e2500:
     pre_mul[2] = 322;
   } else if (!strcmp(model,"DiMAGE Z2")) {
 dimage_z2:
-    strcpy (make, "MINOLTA");
-    strcpy (model,"DiMAGE Z2");
+    strlcpy (make, "MINOLTA", sizeof make);
+    strlcpy (model,"DiMAGE Z2", sizeof model);
     height = 1710;
     width  = 2288;
     filters = 0x16161616;
@@ -4866,7 +4869,7 @@ dimage_z2:
     filters = 0x61616161;
     load_raw = fuji_s2_load_raw;
     black = 128;
-    strcpy (model+7, " S2Pro");
+    strlcpy (model+7, " S2Pro", sizeof model -7);
   } else if (!strcmp(model,"FinePix S3Pro")) {
     height = 3583;
     width  = 3584;
@@ -4938,7 +4941,7 @@ dimage_z2:
     } else if (!strncmp(model,"ALPHA",5) ||
 	       !strncmp(model,"DYNAX",5) ||
 	       !strncmp(model,"MAXXUM",6)) {
-      sprintf (model, "DYNAX%s", strchr (model,' '));
+      snprintf (model, sizeof model, "DYNAX%s", strchr (model,' '));
       load_raw = packed_12_load_raw;
       maximum = 0xffb;
     } else if (!strncmp(model,"DiMAGE G",8)) {
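Review bot: The new `snprintf (model, sizeof model, "DYNAX%s", strchr (model,' '))` still formats `model` from a pointer into `model` itself, and overlapping source and destination is undefined behaviour for `snprintf`, so adding the size bound does not make this line safe. `strchr` also returns NULL when the model string has no space, and that NULL is then passed to `%s`; the model string normally comes from file metadata, so this case is reachable from input. Moving the suffix with `memmove` before writing the five-byte prefix avoids both problems, and the result can never grow because the first space is at index 5 or later in all three matched prefixes. The sketch below assumes the `char *cp` scratch pointer used elsewhere in this function is in scope; the enclosing function starts and ends outside the hunk.

```c
      /* suffix lives inside model: shift it into place, then write the prefix */
      cp = strchr (model, ' ');
      if (cp)
	memmove (model+5, cp, strlen(cp)+1);
      else
	model[5] = '\0';
      memcpy (model, "DYNAX", 5);
      /* … unchanged: load_raw and maximum assignments … */
```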
@@ -5051,15 +5054,15 @@ konica_400z:
       height -= 16;
       width  -= 28;
       maximum = 0xf5c0;
-      strcpy (make, "ISG");
-      sprintf (model, "%dx%d", width, height);
+      strlcpy (make, "ISG", sizeof make);
+      snprintf (model, sizeof model, "%dx%d", width, height);
     }
   } else if (!strcmp(make,"Imacon")) {
     height = raw_height - 6;
     width  = raw_width - 10;
     data_offset += 6 + raw_width*12;
     flip = height > width+10 ? 5:3;
-    sprintf (model, "Ixpress %d-Mp", height*width/1000000);
+    snprintf (model, sizeof model, "Ixpress %d-Mp", height*width/1000000);
     filters = 0x61616161;
     load_raw = unpacked_load_raw;
     maximum = 0xffff;
@@ -5078,11 +5081,11 @@ konica_400z:
     if (tiff_data_compression == 99)
       load_raw = lossless_jpeg_load_raw;
     maximum = 0x3fff;
-    strcpy (model, "Valeo");
+    strlcpy (model, "Valeo", sizeof model);
     if (filters == 0) {
       load_raw = leaf_load_raw;
       maximum = 0xffff;
-      strcpy (model, "Volare");
+      strlcpy (model, "Volare", sizeof model);
     }
   } else if (!strcmp(make,"LEICA") || !strcmp(make,"Panasonic")) {
     if (width == 3304) width -= 16;
@@ -5219,7 +5222,7 @@ konica_400z:
 	return 1;
     }
     if (strstr(model,"DC25")) {
-      strcpy (model, "DC25");
+      strlcpy (model, "DC25", sizeof model);
       data_offset = 15424;
     }
     if (!strncmp(model,"DC2",3)) {
@@ -5238,19 +5241,19 @@ konica_400z:
       pre_mul[3] = 1.036;
       load_raw = kodak_easy_load_raw;
     } else if (!strcmp(model,"Digital Camera 40")) {
-      strcpy (model, "DC40");
+      strlcpy (model, "DC40", sizeof model);
       height = 512;
       width  = 768;
       data_offset = 1152;
       load_raw = kodak_radc_load_raw;
     } else if (strstr(model,"DC50")) {
-      strcpy (model, "DC50");
+      strlcpy (model, "DC50", sizeof model);
       height = 512;
       width  = 768;
       data_offset = 19712;
       load_raw = kodak_radc_load_raw;
     } else if (strstr(model,"DC120")) {
-      strcpy (model, "DC120");
+      strlcpy (model, "DC120", sizeof model);
       height = 976;
       width  = 848;
       if (tiff_data_compression == 7)
@@ -5672,6 +5675,7 @@ int CLASS main (int argc, char **argv)
   struct utimbuf ut;
   const char *write_ext = ".ppm";
   FILE *ofp = stdout;
+  size_t ofsize;
 #ifdef USE_LCMS
   char *profile = NULL;
 #endif
@@ -5844,14 +5848,15 @@ next:
     convert_to_rgb();
     if (flip) flip_image();
     fclose(ifp);
-    ofname = malloc (strlen(ifname) + 16);
+    ofsize = strlen(ifname) + 16;
+    ofname = malloc (ofsize);
     merror (ofname, "main()");
     if (write_to_stdout)
-      strcpy (ofname, "standard output");
+      strlcpy (ofname, "standard output", ofsize);
     else {
-      strcpy (ofname, ifname);
+      strlcpy (ofname, ifname, ofsize);
       if ((cp = strrchr (ofname, '.'))) *cp = 0;
-      strcat (ofname, write_ext);
+      strlcat (ofname, write_ext, ofsize);
       ofp = fopen (ofname, "wb");
       if (!ofp) {
 	status = 1;
