$OpenBSD: patch-jerror_c,v 1.5 2016/06/25 12:34:30 sthen Exp $

This one is slightly problematic.  If an application allocates less
room for its error buffer than the recommended JMSG_LENGTH_MAX, the
error message buffer will still overflow.

--- jerror.c.orig	Tue Jun  7 18:33:40 2016
+++ jerror.c	Wed Jun  8 14:19:53 2016
@@ -189,9 +189,9 @@ format_message (j_common_ptr cinfo, char *buffer)
 
   /* Format the message into the passed buffer */
   if (isstring)
-    sprintf(buffer, msgtext, err->msg_parm.s);
+    snprintf(buffer, JMSG_LENGTH_MAX, msgtext, err->msg_parm.s);
   else
-    sprintf(buffer, msgtext,
+    snprintf(buffer, JMSG_LENGTH_MAX, msgtext,
             err->msg_parm.i[0], err->msg_parm.i[1],
             err->msg_parm.i[2], err->msg_parm.i[3],
             err->msg_parm.i[4], err->msg_parm.i[5],
