$OpenBSD: patch-src_rxvtfont_C,v 1.2 2010/12/23 08:45:57 dcoppa Exp $
--- src/rxvtfont.C.orig	Wed Dec  1 04:55:56 2010
+++ src/rxvtfont.C	Thu Dec 23 09:34:10 2010
@@ -686,10 +686,13 @@ replace_field (char **ptr, const char *name, int index
   if (slashes >= 13 && (!old || *field == old))
     {
       size_t len = field - name;
-      *ptr = (char *)malloc (len + strlen (replace) + strlen (end) + 1);
+      size_t len_replace = strlen (replace);
+      size_t len_end = strlen (end);
+      *ptr = (char *)malloc (len + len_replace + len_end + 1);
       memcpy (*ptr, name, len);
-      strcpy (*ptr + len, replace);
-      strcat (*ptr, end);
+      memcpy (*ptr + len, replace, len_replace);
+      memcpy (*ptr + len + len_replace, end, len_end);
+      (*ptr)[len + len_replace + len_end] = 0;
 
       return true;
     }
@@ -750,8 +753,8 @@ rxvt_font_x11::load (const rxvt_fontprop &prop, bool f
         }
     }
 
-  sprintf (field_str, "%d", prop.height == rxvt_fontprop::unset
-                              ? 0 : prop.height);
+  snprintf (field_str, sizeof (field_str), "%d",
+            prop.height == rxvt_fontprop::unset ? 0 : prop.height);
 
   struct font_weight {
     char *name;
