$OpenBSD: patch-gpasm_evaluate_c,v 1.1.1.1 2003/11/03 01:02:34 naddy Exp $
--- gpasm/evaluate.c.orig	2003-10-14 20:58:03.000000000 +1000
+++ gpasm/evaluate.c	2003-10-14 21:01:47.000000000 +1000
@@ -79,7 +79,7 @@ int can_evaluate_concatenation(struct pn
     return can_evaluate_concatenation(p->value.binop.p0) 
            && can_evaluate_concatenation(p->value.binop.p1);
   case string:
-    sprintf(buf, "Illegal argument (%s).", p->value.string);
+    snprintf(buf, sizeof(buf), "Illegal argument (%s).", p->value.string);
     gperror(GPE_ILLEGAL_ARGU, buf);
     return 0;
   default:
@@ -113,13 +113,13 @@ int can_evaluate(struct pnode *p)
 	s = get_symbol(state.stTop, p->value.symbol);
 
         if (s == NULL) {
-          sprintf(buf, "Symbol not previously defined (%s).", p->value.symbol);
+          snprintf(buf, sizeof(buf), "Symbol not previously defined (%s).", p->value.symbol);
           gperror(GPE_NOSYM, buf);    
 	} else {
           var = get_symbol_annotation(s);
 
           if (var == NULL) {
-            sprintf(buf, "Symbol not assigned a value (%s).", p->value.symbol);
+            snprintf(buf, sizeof(buf), "Symbol not assigned a value (%s).", p->value.symbol);
             gpwarning(GPW_UNKNOWN, buf);    
           }
         }  
@@ -132,7 +132,7 @@ int can_evaluate(struct pnode *p)
   case binop:
     return can_evaluate(p->value.binop.p0) && can_evaluate(p->value.binop.p1);
   case string:
-    sprintf(buf, "Illegal argument (%s).", p->value.string);
+    snprintf(buf, sizeof(buf), "Illegal argument (%s).", p->value.string);
     gperror(GPE_ILLEGAL_ARGU, buf);
     return 0;
   default:
@@ -151,19 +151,23 @@ char *evaluate_concatenation(struct pnod
     assert(p->value.binop.op == CONCAT);
     {
       char *s[2], *new;
+      size_t sizeof_new;
 
       s[0] = evaluate_concatenation(p->value.binop.p0);
       s[1] = evaluate_concatenation(p->value.binop.p1);
-      new = malloc(strlen(s[0]) + 1 + strlen(s[1]) + 1);
-      strcpy(new, s[0]);
-      strcat(new, s[1]);
+      sizeof_new =strlen(s[0]) + 1 + strlen(s[1]) + 1;
+      new = malloc(sizeof_new);
+      if (new) {
+        strlcpy(new, s[0], sizeof_new);
+        strlcat(new, s[1], sizeof_new);
+      }
       return new;
     }
   case unop:
     assert(p->value.unop.op == VAR);
     {
       char buf[80];
-      sprintf(buf, "%d", maybe_evaluate(p->value.unop.p0));
+      snprintf(buf, sizeof(buf), "%d", maybe_evaluate(p->value.unop.p0));
       return (strdup(buf));
     }
   default:
@@ -186,7 +190,7 @@ gpasmVal evaluate(struct pnode *p)
     s = get_symbol(state.stTop, string);
     if (s == NULL) {
       char buf[BUFSIZ];
-      sprintf(buf, "Symbol not previously defined (%s).", string);
+      snprintf(buf, sizeof(buf), "Symbol not previously defined (%s).", string);
       gperror(GPE_NOSYM, buf); 
       return 0;
     } else {
@@ -389,7 +393,7 @@ add_reloc(struct pnode *p, short offset,
     if (strcmp(p->value.symbol, "$") == 0) {
       char buffer[BUFSIZ];
       
-      sprintf(buffer, "_$_%06x", state.org << _16bit_core);
+      snprintf(buffer, sizeof(buffer), "_$_%06x", state.org << _16bit_core);
       set_global(buffer, state.org << _16bit_core, PERMANENT, gvt_static);
       s = get_symbol(state.stTop, buffer);
     } else {