$OpenBSD: patch-src_lstrlib_c,v 1.4 2011/08/25 07:02:42 jasper Exp $
--- src/lstrlib.c.orig	Wed Aug 24 22:24:32 2011
+++ src/lstrlib.c	Wed Aug 24 22:24:32 2011
@@ -746,10 +746,9 @@ static const char *scanformat (lua_State *L, const cha
 
 static void addintlen (char *form) {
   size_t l = strlen(form);
-  char spec = form[l - 1];
-  strcpy(form + l - 1, LUA_INTFRMLEN);
-  form[l + sizeof(LUA_INTFRMLEN) - 2] = spec;
-  form[l + sizeof(LUA_INTFRMLEN) - 1] = '\0';
+  char spec[3] = { 'l', form[l - 1], '\0' };
+  form[l - 1] = '\0';
+  strlcat(form, spec, MAX_FORMAT);
 }
 
 
@@ -774,22 +773,24 @@ static int str_format (lua_State *L) {
       strfrmt = scanformat(L, strfrmt, form);
       switch (*strfrmt++) {
         case 'c': {
-          sprintf(buff, form, (int)luaL_checknumber(L, arg));
+          snprintf(buff, sizeof(buff), form, (int)luaL_checknumber(L, arg));
           break;
         }
         case 'd':  case 'i': {
           addintlen(form);
-          sprintf(buff, form, (LUA_INTFRM_T)luaL_checknumber(L, arg));
+          snprintf(buff, sizeof(buff), form,
+	    (LUA_INTFRM_T)luaL_checknumber(L, arg));
           break;
         }
         case 'o':  case 'u':  case 'x':  case 'X': {
           addintlen(form);
-          sprintf(buff, form, (unsigned LUA_INTFRM_T)luaL_checknumber(L, arg));
+          snprintf(buff, sizeof(buff), form,
+	    (unsigned LUA_INTFRM_T)luaL_checknumber(L, arg));
           break;
         }
         case 'e':  case 'E': case 'f':
         case 'g': case 'G': {
-          sprintf(buff, form, (double)luaL_checknumber(L, arg));
+          snprintf(buff, sizeof(buff), form, (double)luaL_checknumber(L, arg));
           break;
         }
         case 'q': {
@@ -807,7 +808,7 @@ static int str_format (lua_State *L) {
             continue;  /* skip the `addsize' at the end */
           }
           else {
-            sprintf(buff, form, s);
+            snprintf(buff, sizeof(buff), form, s);
             break;
           }
         }
