File cscope-15.6-sprintf.patch of Package cscope
--- src/build.c
+++ src/build.c
@@ -223,7 +223,7 @@
     if (strcmp(currentdir, home) == 0) {
 	strcpy(newdir, "$HOME");
     } else if (strncmp(currentdir, home, strlen(home)) == 0) {
-	sprintf(newdir, "$HOME%s", currentdir + strlen(home));
+	snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home));
     }
     /* sort the source file names (needed for rebuilding) */
     qsort(srcfiles, nsrcfiles, sizeof(char *), compare);
@@ -454,7 +454,7 @@
 	}
 	fstat(fileno(postings), &statstruct);
 	fclose(postings);
-	sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
+	snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
 	if ((postings = mypopen(sortcommand, "r")) == NULL) {
 	    fprintf(stderr, "cscope: cannot open pipe to sort command\n");
 	    cannotindex();
--- src/command.c
+++ src/command.c
@@ -739,7 +739,7 @@
 				
 		/* make sure it can be changed */
 		if (access(newfile, WRITE) != 0) {
-		    sprintf(msg, "Cannot write to file %s", newfile);
+		    snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile);
 		    postmsg(msg);
 		    anymarked = NO;
 		    break;
--- src/dir.c
+++ src/dir.c
@@ -139,7 +139,7 @@
 			
 	    /* compute its path from higher view path source dirs */
 	    for (i = 1; i < nvpsrcdirs; ++i) {
-		sprintf(path, "%.*s/%s",
+		snprintf(path, sizeof(path), "%.*s/%s",
 			PATHLEN - 2 - dir_len,
 			srcdirs[i], dir);
 		addsrcdir(path);
@@ -207,7 +207,7 @@
 			
 	    /* compute its path from higher view path source dirs */
 	    for (i = 1; i < nvpsrcdirs; ++i) {
-		sprintf(path, "%.*s/%s", 
+		snprintf(path, sizeof(path), "%.*s/%s", 
 			PATHLEN - 2 - dir_len,
 			srcdirs[i], dir);
 		addincdir(dir, path);
@@ -482,8 +482,6 @@
 	DIR	*dirfile;
 	int adir_len = strlen(adir);
 
-	/* FIXME: no guards against adir_len > PATHLEN, yet */
-
 	if ((dirfile = opendir(adir)) != NULL) {
 		struct dirent *entry;
 		char	path[PATHLEN + 1];
@@ -494,7 +492,7 @@
 			    && (strcmp("..",entry->d_name) != 0)) {
 				struct stat buf;
 
-				sprintf(path,"%s/%.*s", adir,
+				snprintf(path, sizeof(path), "%s/%.*s", adir,
 					PATHLEN - 2 - adir_len,
 					entry->d_name);
 
@@ -604,14 +602,14 @@
 	/* search for the file in the #include directory list */
 	for (i = 0; i < nincdirs; ++i) {
 	    /* don't include the file from two directories */
-	    sprintf(name, "%.*s/%s",
+	    snprintf(name, sizeof(name), "%.*s/%s",
 		    PATHLEN - 2 - file_len, incnames[i],
 		    file);
 	    if (infilelist(name) == YES) {
 		break;
 	    }
 	    /* make sure it exists and is readable */
-	    sprintf(path, "%.*s/%s",
+	    snprintf(path, sizeof(path), "%.*s/%s",
 		    PATHLEN - 2 - file_len, incdirs[i],
 		    file);
 	    if (access(compath(path), READ) == 0) {
@@ -659,7 +657,7 @@
 
 	/* compute its path from higher view path source dirs */
 	for (i = 1; i < nvpsrcdirs; ++i) {
-	    sprintf(path, "%.*s/%s",
+	    snprintf(path, sizeof(path), "%.*s/%s",
 		    PATHLEN - 2 - file_len, srcdirs[i],
 		    file);
 	    if (access(compath(path), READ) == 0) {
--- src/display.c
+++ src/display.c
@@ -478,20 +478,20 @@
 	/* see if it is empty */
 	if ((c = getc(refsfound)) == EOF) {
 		if (findresult != NULL) {
-			(void) sprintf(lastmsg, "Egrep %s in this pattern: %s", 
+			(void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", 
 				       findresult, Pattern);
 		} else if (rc == NOTSYMBOL) {
-			(void) sprintf(lastmsg, "This is not a C symbol: %s", 
+			(void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", 
 				       Pattern);
 		} else if (rc == REGCMPERROR) {
-			(void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", 
+			(void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", 
 				       Pattern);
 			
 		} else if (funcexist == NO) {
-			(void) sprintf(lastmsg, "Function definition does not exist: %s", 
+			(void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", 
 				       Pattern);
 		} else {
-			(void) sprintf(lastmsg, "Could not find the %s: %s", 
+			(void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", 
 				       fields[field].text2, Pattern);
 		}
 		return(NO);
@@ -527,17 +527,17 @@
 			move(MSGLINE, 0);
 			clrtoeol();
 			addstr(what);
-			sprintf(msg, "%ld", current);
+			snprintf(msg, sizeof(msg), "%ld", current);
 			move(MSGLINE, (COLS / 2) - (strlen(msg) / 2));
 			addstr(msg);
-			sprintf(msg, "%ld", max);
+			snprintf(msg, sizeof(msg), "%ld", max);
 			move(MSGLINE, COLS - strlen(msg));
 			addstr(msg);
 			refresh();
 		}
 		else if (verbosemode == YES)
 		{
-			sprintf(msg, "> %s %ld of %ld", what, current, max);
+			snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max);
 		}
 
 		start = now;
@@ -575,7 +575,7 @@
 		s = sys_errlist[errno];
 	}
 #endif
-	(void) sprintf(msg, "%s: %s", text, s);
+	(void) snprintf(msg, sizeof(msg), "%s: %s", text, s);
 	postmsg(msg);
 }
 
--- src/edit.c
+++ src/edit.c
@@ -105,9 +105,9 @@
 	char	*s;
 
 	file = filepath(file);
-	(void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
+	(void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
 	postmsg(msg);
-	(void) sprintf(plusnum, lineflag, linenum);
+	(void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
 	/* if this is the more or page commands */
 	if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
 		
@@ -132,7 +132,7 @@
 	static	char	path[PATHLEN + 1];
 	
 	if (prependpath != NULL && *file != '/') {
-		(void) sprintf(path, "%s/%s", prependpath, file);
+		(void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
 		file = path;
 	}
 	return(file);
--- src/exec.c
+++ src/exec.c
@@ -123,7 +123,7 @@
 
     /* execute the program or shell script */
     execvp(a, args);	/* returns only on failure */
-    sprintf(msg, "\nCannot exec %s", a);
+    snprintf(msg, sizeof(msg), "\nCannot exec %s", a);
     perror(msg);		/* display the reason */
     askforreturn();		/* wait until the user sees the message */
     myexit(1);		/* exit the child */
--- src/find.c
+++ src/find.c
@@ -673,7 +673,7 @@
 		/* must be an exact match */
 		/* note: regcomp doesn't recognize ^*keypad$ as a syntax error
 		         unless it is given as a single arg */
-		(void) sprintf(buf, "^%s$", s);
+		(void) snprintf(buf, sizeof(buf), "^%s$", s);
 		if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
 			return(REGCMPERROR);
 		}
--- src/main.c
+++ src/main.c
@@ -389,12 +389,12 @@
 	 * used instead of failing to open a non-existant database in
 	 * the home directory
 	 */
-	sprintf(path, "%s/%s", home, reffile);
+	snprintf(path, sizeof(path), "%s/%s", home, reffile);
 	if (isuptodate == NO || access(path, READ) == 0) {
 	    reffile = my_strdup(path);
-	    sprintf(path, "%s/%s", home, invname);
+	    snprintf(path, sizeof(path), "%s/%s", home, invname);
 	    invname = my_strdup(path);
-	    sprintf(path, "%s/%s", home, invpost);
+	    snprintf(path, sizeof(path), "%s/%s", home, invpost);
 	    invpost = my_strdup(path);
 	}
     }
@@ -735,7 +735,7 @@
 #else
     char *msg = mymalloc(50 + strlen(file));
 
-    sprintf(msg, "Removed file %s because write failed", file);
+    snprintf(msg, sizeof(msg), "Removed file %s because write failed", file);
 #endif
 
     myperror(msg);	/* display the reason */
--- src/vpaccess.c
+++ src/vpaccess.c
@@ -49,7 +49,7 @@
 	if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
 			if ((returncode = access(buf, amode)) != -1) {
 				break;
 			}
--- src/vpfopen.c
+++ src/vpfopen.c
@@ -53,7 +53,7 @@
 		) {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], filename);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename);
 			if ((returncode = myfopen(buf, type)) != NULL) {
 				break;
 			}
--- src/vpopen.c
+++ src/vpopen.c
@@ -52,7 +52,7 @@
 	    oflag == OPENFLAG_READ) {
 		vpinit(NULL);
 		for (i = 1; i < vpndirs; i++) {
-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
+			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
 			if ((returncode = myopen(buf, oflag, 0666)) != -1) {
 				break;
 			}