Index: jhead.c
--- jhead.c.orig
+++ jhead.c
@@ -165,7 +165,8 @@ static int FileEditComment(char * TempFileName, char *
         }
         if (strlen(Editor) > PATH_MAX) ErrFatal("env too long");
 
-        sprintf(QuotedPath, "%s \"%s\"",Editor, TempFileName);
+        snprintf(QuotedPath, sizeof(QuotedPath), "%s \"%s\"",Editor,
+	    TempFileName);
         a = system(QuotedPath);
     }
 
@@ -272,7 +273,8 @@ static int ModifyDescriptComment(char * OutComment, ch
     if (!HasScandate && !ImageInfo.DateTime[0]){
         // Scan date is not in the file yet, and it doesn't have one built in.  Add it.
         char Temp[40];
-        sprintf(Temp, "scan_date=%s", ctime(&ImageInfo.FileDateTime));
+        snprintf(Temp, sizeof(Temp),
+            "scan_date=%s", ctime(&ImageInfo.FileDateTime));
         strncat(OutComment, Temp, MAX_COMMENT_SIZE-5-strlen(OutComment));
         Modified = TRUE;
     }
@@ -304,8 +306,10 @@ static int AutoResizeCmdStuff(void)
 
     if (scale < 0.4) scale = 0.4; // Don't scale down by too much.
 
-    sprintf(CommandString, "mogrify -geometry %dx%d -quality 85 &i",(int)(ImageInfo.Width*scale+0.5), 
-                                    (int)(ImageInfo.Height*scale+0.5));
+    snprintf(CommandString, sizeof(CommandString),
+        "mogrify -geometry %dx%d -quality 85 &i",
+        (int)(ImageInfo.Width*scale+0.5), (int)(ImageInfo.Height*scale+0.5));
+
     return TRUE;
 }
 
@@ -632,7 +636,8 @@ static void DoFileRenaming(const char * FileName)
                         memcpy(pat, pattern+ppos, 4);
                         pat[a-ppos] = 'd'; // Replace 'i' with 'd' for '%d'
                         pat[a-ppos+1] = '\0';
-                        sprintf(num, pat, FileSequence); // let printf do the number formatting.
+			// let printf do the number formatting.
+			snprintf(num, sizeof(num), pat, FileSequence);
                         nl = strlen(num);
                         l = strlen(pattern+a+1);
                         if (ppos+nl+l+1 >= PATH_MAX) ErrFatal("str overflow");
@@ -648,7 +653,7 @@ static void DoFileRenaming(const char * FileName)
         strftime(NewName, PATH_MAX, pattern, &tm);
     }else{
         // My favourite scheme.
-        sprintf(NewName, "%02d%02d-%02d%02d%02d",
+        snprintf(NewName, sizeof(NewName), "%02d%02d-%02d%02d%02d",
              tm.tm_mon+1, tm.tm_mday, tm.tm_hour, tm.tm_min, tm.tm_sec);
     }
 
@@ -677,7 +682,7 @@ static void DoFileRenaming(const char * FileName)
             NameExtra[0] = 0;
         }
 
-        sprintf(NewName, "%s%s.jpg", NewBaseName, NameExtra);
+        snprintf(NewName, sizeof(NewName), "%s%s.jpg", NewBaseName, NameExtra);
 
         if (!strcmp(FileName, NewName)) break; // Skip if its already this name.
 
@@ -692,7 +697,8 @@ static void DoFileRenaming(const char * FileName)
                 printf("%s --> %s\n",FileName, NewName);
 #ifdef _WIN32
                 if (RenameAssociatedFiles){
-                    sprintf(NewName, "%s%s", NewBaseName, NameExtra);
+                    snprintf(NewName, sizeof(NewName),
+			"%s%s", NewBaseName, NameExtra);
                     RenameAssociated(FileName, NewName);
                 }
 #endif
@@ -726,7 +732,8 @@ static int DoAutoRotate(const char * FileName)
                 // Unknown orientation, but still modified.                
                 return TRUE; // Image is still modified.
             }
-            sprintf(RotateCommand, "jpegtran -trim -%s -outfile &o &i", Argument);
+            snprintf(RotateCommand, sizeof(RotateCommand), 
+                "jpegtran -trim -%s -outfile &o &i", Argument);
             ApplyCommand = RotateCommand;
             DoCommand(FileName, FALSE);
             ApplyCommand = NULL;
@@ -745,7 +752,8 @@ static int DoAutoRotate(const char * FileName)
                 strcpy(ThumbTempName_out, FileName);
                 strcat(ThumbTempName_out, ".tho");
                 SaveThumbnail(ThumbTempName_in);
-                sprintf(RotateCommand,"jpegtran -trim -%s -outfile \"%s\" \"%s\"",
+                snprintf(RotateCommand, sizeof(RotateCommand), 
+                    "jpegtran -trim -%s -outfile \"%s\" \"%s\"",
                     Argument, ThumbTempName_out, ThumbTempName_in);
 
                 if (system(RotateCommand) == 0){
@@ -773,7 +781,8 @@ static int RegenerateThumbnail(const char * FileName)
         return FALSE;
     }
 
-    sprintf(ThumbnailGenCommand, "mogrify -thumbnail %dx%d \"%s\"", 
+    snprintf(ThumbnailGenCommand, sizeof(ThumbnailGenCommand),
+        "mogrify -thumbnail %dx%d \"%s\"",
         RegenThumbnail, RegenThumbnail, FileName);
 
     if (system(ThumbnailGenCommand) == 0){
@@ -1143,7 +1152,7 @@ static void ProcessFile(const char * FileName)
 
             // Print to temp buffer first to avoid putting null termination in destination.
             // snprintf() would do the trick, hbut not available everywhere (like FreeBSD 4.4)
-            sprintf(TempBuf, "%04d:%02d:%02d %02d:%02d:%02d",
+            snprintf(TempBuf, sizeof(TempBuf), "%04d:%02d:%02d %02d:%02d:%02d",
                 tm.tm_year+1900, tm.tm_mon+1, tm.tm_mday,
                 tm.tm_hour, tm.tm_min, tm.tm_sec);
             
