--- cgi/cgi.c.orig	Mon Nov  6 23:32:16 2006
+++ cgi/cgi.c	Thu Apr 28 16:33:48 2016
@@ -503,7 +503,7 @@ static void _launch_debugger (CGI *cgi, char *display)
 
   if (!pid)
   {
-    sprintf(buffer, debugger, display, Argv0, myPid);
+    snprintf(buffer, sizeof(buffer), debugger, display, Argv0, myPid);
     execl("/bin/sh", "sh", "-c", buffer, NULL);
   }
   else
@@ -1205,11 +1205,11 @@ NEOERR *cgi_output (CGI *cgi, STRING *str)
 	  {
 	    if (use_gzip)
 	    {
-	      /* I'm using sprintf instead of cgiwrap_writef since
+	      /* I'm using snprintf instead of cgiwrap_writef since
 	       * the wrapper writef might not handle values with
 	       * embedded NULLs... though I should fix the python one
 	       * now as well */
-	      sprintf(gz_buf, "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1],
+	      snprintf(gz_buf, sizeof(gz_buf), "%c%c%c%c%c%c%c%c%c%c", gz_magic[0], gz_magic[1],
 		  Z_DEFLATED, 0 /*flags*/, 0,0,0,0 /*time*/, 0 /*xflags*/,
 		  OS_CODE);
 	      err = cgiwrap_write(gz_buf, 10);
@@ -1221,7 +1221,7 @@ NEOERR *cgi_output (CGI *cgi, STRING *str)
 	    if (use_gzip)
 	    {
 	      /* write crc and len in network order */
-	      sprintf(gz_buf, "%c%c%c%c%c%c%c%c",
+	      snprintf(gz_buf, sizeof(gz_buf), "%c%c%c%c%c%c%c%c",
 		  (0xff & (crc >> 0)),
 		  (0xff & (crc >> 8)),
 		  (0xff & (crc >> 16)),
