From cd568e37bc198bb68d4f6c485e2dc63d0d5d8982 Mon Sep 17 00:00:00 2001
From: Holger Vogt
Date: Tue, 24 Feb 2026 17:02:00 +0100
Subject: [PATCH] Prevent potential buffer s overflow by limiting the characters written. Use vsnprintf instead of vsprintf.
---
 src/winmain.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/winmain.c b/src/winmain.c
index a851f4242..ee19a73c6 100644
--- a/src/winmain.c
+++ b/src/winmain.c
@@ -1499,7 +1499,7 @@ win_x_fprintf(FILE *stream, const char *format, ...)
 if ((stream == stdout) || (stream == stderr)) {
 s[0] = SE;
- result = vsprintf(s, format, args);
+ result = vsnprintf(s, IOBufSize, format, args);
 win_x_fputs(s, stream);
 } else
 result = vfprintf(stream, format, args);
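Review bot: The return value of `vsnprintf` on the added line is never compared with the buffer size, so output longer than the buffer is truncated silently and `result` then reports the length that would have been written, not what `win_x_fputs` actually emitted. Clamping after the call, e.g. `if (result >= IOBufSize) result = IOBufSize - 1;`, would keep the returned count honest for callers that use it. The declaration of `s` lies outside the hunk; if it is a local array, `sizeof s` as the bound would keep the limit tied to the buffer should the declaration ever change. Since this is Windows-specific code, it is also worth confirming that every supported C runtime NUL-terminates on truncation; if that is in doubt, `s[IOBufSize - 1] = '\0';` after the call is a cheap safeguard.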