diff -Nrup xli-2005-02-27/imagetypes.c xli-2005-02-27/imagetypes.c
--- xli-2005-02-27/imagetypes.c	1999-10-24 22:14:57.000000000 -0400
+++ xli-2005-02-27/imagetypes.c	2005-10-18 07:53:46.000000000 -0400
@@ -53,7 +53,7 @@ Image *loadImage(ImageOptions * image_op
 	Image *image;
 	int a;
 
-	if (findImage(image_ops->name, fullname) < 0) {
+	if (findImage(image_ops->name, fullname, BUFSIZ) < 0) {
 		if (errno == ENOENT)
 			printf("%s: image not found\n", image_ops->name);
 		else if (errno == EISDIR)
@@ -95,7 +95,7 @@ void identifyImage(char *name)
 	char fullname[BUFSIZ];
 	int a;
 
-	if (findImage(name, fullname) < 0) {
+	if (findImage(name, fullname, BUFSIZ) < 0) {
 		if (errno == ENOENT)
 			printf("%s: image not found\n", name);
 		else if (errno == EISDIR)
diff -Nrup xli-2005-02-27/path.c xli-2005-02-27/path.c
--- xli-2005-02-27/path.c	2005-02-27 19:42:39.000000000 -0500
+++ xli-2005-02-27/path.c	2005-10-18 07:56:45.000000000 -0400
@@ -172,12 +172,12 @@ static int fileIsOk(char *fullname, stru
 /* find an image with paths and extensions from defaults files.  returns
  * -1 if access denied or not found, 0 if ok.
  */
-int findImage(char *name, char *fullname)
+int findImage(char *name, char *fullname, size_t size)
 {
 	unsigned int p, e;
 	struct stat sbuf;
 
-	strcpy(fullname, name);
+	strncpy(fullname, name, size);
 	if (!strcmp(name, "stdin"))	/* stdin is special name */
 		return (0);
 
@@ -185,26 +185,26 @@ int findImage(char *name, char *fullname
 	if (!stat(fullname, &sbuf))
 		return (fileIsOk(fullname, &sbuf));
 #ifndef NO_COMPRESS
-	strcat(fullname, ".Z");
+	strncat(fullname, ".Z", size);
 	if (!stat(fullname, &sbuf))
 		return (fileIsOk(fullname, &sbuf));
 #endif
 
 	for (p = 0; p < NumPaths; p++) {
-		sprintf(fullname, "%s/%s", Paths[p], name);
+		snprintf(fullname, size, "%s/%s", Paths[p], name);
 		if (!stat(fullname, &sbuf))
 			return (fileIsOk(fullname, &sbuf));
 #ifndef NO_COMPRESS
-		strcat(fullname, ".Z");
+		strncat(fullname, ".Z", size);
 		if (!stat(fullname, &sbuf))
 #endif
 			return (fileIsOk(fullname, &sbuf));
 		for (e = 0; e < NumExts; e++) {
-			sprintf(fullname, "%s/%s%s", Paths[p], name, Exts[e]);
+			snprintf(fullname, size, "%s/%s%s", Paths[p], name, Exts[e]);
 			if (!stat(fullname, &sbuf))
 				return (fileIsOk(fullname, &sbuf));
 #ifndef NO_COMPRESS
-			strcat(fullname, ".Z");
+			strncat(fullname, ".Z", size);
 			if (!stat(fullname, &sbuf))
 				return (fileIsOk(fullname, &sbuf));
 #endif
@@ -212,11 +212,11 @@ int findImage(char *name, char *fullname
 	}
 
 	for (e = 0; e < NumExts; e++) {
-		sprintf(fullname, "%s%s", name, Exts[e]);
+		snprintf(fullname, size, "%s%s", name, Exts[e]);
 		if (!stat(fullname, &sbuf))
 			return (fileIsOk(fullname, &sbuf));
 #ifndef NO_COMPRESS
-		strcat(fullname, ".Z");
+		strncat(fullname, ".Z", size);
 		if (!stat(fullname, &sbuf))
 			return (fileIsOk(fullname, &sbuf));
 #endif
@@ -241,7 +241,7 @@ void listImages(void)
 	for (a = 0; a < NumPaths; a++) {
 		printf("%s:\n", Paths[a]);
 		fflush(stdout);
-		sprintf(buf, "ls %s", Paths[a]);
+		snprintf(buf, sizeof(buf)-1, "ls %s", Paths[a]);
 		if (system(buf) < 0) {
 			perror("ls");
 			return;
@@ -296,14 +296,14 @@ char *expandPath(char *p)
 			var++;
 		else if (*p == '~') {
 			buf1[b1] = '\0';
-			strcat(buf1, getenv("HOME"));
+			strncat(buf1, getenv("HOME"), sizeof(buf1)-1);
 			b1 = strlen(buf1);
 			var = 0;
 		} else if (*p == '/' || *p == '}') {
 			if (var) {
 				buf1[b1] = '\0';
 				buf2[b2] = '\0';
-				strcat(buf1, getenv(buf2));
+				strncat(buf1, getenv(buf2), sizeof(buf1));
 				b1 = strlen(buf1);
 				buf2[0] = '\0';
 				b2 = 0;
diff -Nrup xli-2005-02-27/reduce.c xli-2005-02-27/reduce.c
--- xli-2005-02-27/reduce.c	1999-10-24 22:15:02.000000000 -0400
+++ xli-2005-02-27/reduce.c	2005-10-18 07:33:34.000000000 -0400
@@ -178,7 +178,7 @@ Image *reduce(Image *image, unsigned col
 	/* get destination image */
 	depth = colorsToDepth(OutColors);
 	new_image = newRGBImage(image->width, image->height, depth);
-	sprintf(buf, "%s (%d colors)", image->title, OutColors);
+	snprintf(buf, sizeof(buf)-1, "%s (%d colors)", image->title, OutColors);
 	new_image->title = dupString(buf);
 	new_image->gamma = image->gamma;
 
diff -Nrup xli-2005-02-27/rlelib.c xli-2005-02-27/rlelib.c
--- xli-2005-02-27/rlelib.c	2005-10-18 07:40:51.000000000 -0400
+++ xli-2005-02-27/rlelib.c	2005-10-18 07:48:12.000000000 -0400
@@ -18,7 +18,7 @@
 #undef  DEBUG
 
 #ifdef DEBUG
-# define debug(xx)	fprintf(stderr,xx)
+# define debug(xx)	fprintf(stderr, "%s", xx)
 #else
 # define debug(xx)
 #endif
Files xli-2005-02-27/xli and xli-2005-02-27/xli differ
diff -Nrup xli-2005-02-27/xli.h xli-2005-02-27/xli.h
--- xli-2005-02-27/xli.h	1999-10-24 22:15:07.000000000 -0400
+++ xli-2005-02-27/xli.h	2005-10-19 07:49:21.000000000 -0400
@@ -229,7 +229,7 @@ char *xlistrstr(char *s1, char *s2);
 
 /* path.c */
 char *expandPath(char *p);
-int findImage(char *name, char *fullname);
+int findImage(char *name, char *fullname, size_t size);
 void listImages(void);
 void loadPathsAndExts(void);
 void showPath(void);
diff -Nrup xli-2005-02-27/xlito.c xli-2005-02-27/xlito.c
--- xli-2005-02-27/xlito.c	2005-02-27 19:42:39.000000000 -0500
+++ xli-2005-02-27/xlito.c	2005-10-18 07:48:54.000000000 -0400
@@ -31,7 +31,7 @@ char *pname, *fname;
 #undef  DEBUG
 
 #ifdef DEBUG
-# define debug(xx)	fprintf(stderr,xx)
+# define debug(xx)	fprintf(stderr, "%s", xx)
 #else
 # define debug(xx)
 #endif
diff -Nrup xli-2005-02-27/zoom.c xli-2005-02-27/zoom.c
--- xli-2005-02-27/zoom.c	2005-02-27 19:42:39.000000000 -0500
+++ xli-2005-02-27/zoom.c	2005-10-18 07:35:42.000000000 -0400
@@ -52,30 +52,30 @@ Image *zoom(Image *oimage, unsigned int 
     if (verbose)
       printf("  Zooming image Y axis by %d%%...", yzoom);
     if (changetitle)
-      sprintf(buf, "%s (Y zoom %d%%)", oimage->title, yzoom);
+      snprintf(buf, sizeof(buf)-1, "%s (Y zoom %d%%)", oimage->title, yzoom);
   }
   else if (!yzoom) {
     if (verbose)
       printf("  Zooming image X axis by %d%%...", xzoom);
     if (changetitle)
-      sprintf(buf, "%s (X zoom %d%%)", oimage->title, xzoom);
+      snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%%)", oimage->title, xzoom);
   }
   else if (xzoom == yzoom) {
     if (verbose)
       printf("  Zooming image by %d%%...", xzoom);
     if (changetitle)
-      sprintf(buf, "%s (%d%% zoom)", oimage->title, xzoom);
+      snprintf(buf, sizeof(buf)-1, "%s (%d%% zoom)", oimage->title, xzoom);
   }
   else {
     if (verbose)
       printf("  Zooming image X axis by %d%% and Y axis by %d%%...",
 	     xzoom, yzoom);
     if (changetitle)
-      sprintf(buf, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
+      snprintf(buf, sizeof(buf)-1, "%s (X zoom %d%% Y zoom %d%%)", oimage->title,
 	    xzoom, yzoom);
   }
   if (!changetitle)
-    strcpy(buf,oimage->title);
+    strncpy(buf,oimage->title, sizeof(buf)-1);
 
   if (verbose)
     fflush(stdout);