Subject: Re: gzip buffer overflow found
To: Simon Burge <simonb@wasabisystems.com>
From: enami tsugutomo <enami@sm.sony.co.jp>
List: current-users
Date: 01/19/2001 14:33:36
Simon Burge <simonb@wasabisystems.com> writes:
> - strcpy(z_suffix, optarg);
> + if (z_len > sizeof(z_suffix)-1) {
> + fprintf(stderr, "%s: -S suffix too long\n", progname);
> + usage();
> + do_exit(ERROR);
> + }
> + strlcpy(z_suffix, optarg, sizeof(z_suffix));
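Review bot: the guard on z_len duplicates what strlcpy already reports, and this hunk does not show where z_len is assigned, so the check is only right if z_len holds strlen(optarg) at this point. strlcpy returns the length of the source string it tried to copy, so the copy and the overflow test can be a single statement, `if (strlcpy(z_suffix, optarg, sizeof(z_suffix)) >= sizeof(z_suffix))` followed by the same fprintf/usage()/do_exit(ERROR) branch, which cannot drift out of sync with a separately computed length. strlcpy always NUL-terminates the destination, so checking its return value is the complete truncation test here.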
Probably it is better to use the same way to detect overflow as written
in the man page, isn't it?
> - if (*dot == '\0') strcpy(dot, ".");
> + if (*dot == '\0')
> + strlcpy(dot, ".", sizeof(dot));
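Review bot: sizeof(dot) is the wrong bound on the added strlcpy line. dot is dereferenced as *dot on the line above, and if it is a char * into a larger name buffer (as that use suggests) then sizeof(dot) is the size of the pointer itself, 4 or 8 bytes, not the space remaining after dot in the buffer; the copy would be limited by an unrelated constant rather than by the real free space. The third argument should be the enclosing buffer's size minus dot's offset into it, i.e. something of the form `sizeof(buf) - (dot - buf)`, with buf standing for whatever array dot actually points into.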
You have to check the type of ``dot'' more carefully.
> @@ -1473,7 +1480,7 @@ local void shorten_name(name)
> len = strlen(name);
> if (decompress) {
> if (len <= 1) error("name too short");
> - name[len-1] = '\0';
> + name[0] = '\0';
> return;
> }
> p = get_suffix(name);
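Review bot: `name[0] = '\0';` changes what shorten_name does instead of fixing an overflow. The removed line `name[len-1] = '\0';` drops one trailing character per call, and the guard `if (len <= 1) error("name too short");` two lines above only makes sense for that one-character step; with the new line the decompress branch empties the name outright on the first call. The original write is within bounds (index len-1 of a string of length len), so this line should be reverted rather than replaced.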
Shortening directly to the null string is too aggressive :-). I guess
the original intention is shortening one by one.
enami.