$OpenBSD: patch-convert_c,v 1.2 2005/05/15 18:09:41 db Exp $
--- convert.c.orig	Thu Feb 19 00:35:03 2004
+++ convert.c	Thu May 12 13:03:29 2005
@@ -341,7 +341,7 @@ process_font_table (Word *w)
 				while(w2) {
 					tmp = word_string (w2);
 					if (tmp && tmp[0] != '\\')
-						strcat(name,tmp);
+						strlcat(name,tmp,sizeof(name) - strlen(name) - 1);
 
 					w2=w2->next;
 				}
@@ -676,7 +676,7 @@ cmd_cf (Word *w, int align, char has_par
 	}
 	else
 	{
-		sprintf (str,"#%02x%02x%02x",
+		snprintf (str, sizeof(str), "#%02x%02x%02x",
 			color_table[num].r,
 			color_table[num].g,
 			color_table[num].b);
@@ -703,7 +703,7 @@ cmd_cb (Word *w, int align, char has_par
 	}
 	else
 	{
-		sprintf (str,"#%02x%02x%02x",
+		snprintf (str, sizeof(str), "#%02x%02x%02x",
 			color_table[num].r,
 			color_table[num].g,
 			color_table[num].b);
@@ -728,7 +728,7 @@ cmd_fs (Word *w, int align, char has_par
 	/* Note, fs20 means 10pt */
 	points /= 2;
 
-	sprintf (str,"%d",points);
+	snprintf (str, sizeof(str), "%d",points);
 	attr_push(ATTR_FONTSIZE,str);
 
 	return FALSE;
@@ -862,7 +862,7 @@ cmd_highlight (Word *w, int align, char 
 	}
 	else
 	{
-		sprintf (str,"#%02x%02x%02x",
+		snprintf (str, sizeof(str), "#%02x%02x%02x",
 			color_table[num].r,
 			color_table[num].g,
 			color_table[num].b);
@@ -1019,7 +1019,7 @@ static int 
 cmd_expand (Word *w, int align, char has_param, short param) {
 	char str[10];
 	if (has_param) {
-		sprintf (str, "%d", param/4);
+		snprintf (str, sizeof(str), "%d", param/4);
 		if (!param) 
 			attr_pop(ATTR_EXPAND);
 		else 
@@ -1043,7 +1043,7 @@ cmd_emboss (Word *w, int align, char has
 		attr_pop(ATTR_EMBOSS);
 	else
 	{
-		sprintf (str, "%d", param);
+		snprintf (str, sizeof(str), "%d", param);
 		attr_push(ATTR_EMBOSS, str);
 	}
 	return FALSE;
@@ -1064,7 +1064,7 @@ cmd_engrave (Word *w, int align, char ha
 		attr_pop(ATTR_ENGRAVE);
 	else
 	{
-		sprintf (str, "%d", param);
+		snprintf (str, sizeof(str), "%d", param);
 		attr_push(ATTR_ENGRAVE, str);
 	}
 	return FALSE;
@@ -2610,7 +2610,7 @@ word_print_core (Word *w)
 						case PICT_DI: ext="dib"; break; /* Device independent bitmap=??? */
 						case PICT_PM: ext="pmm"; break; /* OS/2 metafile=??? */
 						}
-						sprintf (picture_path, "pict%03d.%s", 
+						snprintf (picture_path, sizeof(picture_path), "pict%03d.%s", 
 							picture_file_number++,ext);
 						f=fopen(picture_path,"w");
 					}
