--- zlib-1.1.4/gzio.c.org	Fri May 23 15:44:26 2003
+++ zlib-1.1.4/gzio.c	Fri May 23 15:52:33 2003
@@ -532,11 +532,12 @@
 #ifdef HAS_vsnprintf
     (void)vsnprintf(buf, sizeof(buf), format, va);
 #else
+#error "potential buffer overflow: see cert.org VU#142121"
     (void)vsprintf(buf, format, va);
 #endif
     va_end(va);
     len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
-    if (len <= 0) return 0;
+    if ( len <= 0 || len > sizeof(buf) ) return 0;
 
     return gzwrite(file, buf, (unsigned)len);
 }
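Review bot: The added bound in `if ( len <= 0 || len > sizeof(buf) ) return 0;` is evaluated only after `strlen(buf)` has run, so if the formatter leaves `buf` without a terminating NUL, the read past the array has already happened. A length of exactly `sizeof(buf)`, which also means no terminator inside the array, still passes on to `gzwrite`. Some older `vsnprintf` implementations do not terminate on truncation, so I would plant a sentinel before formatting, `buf[sizeof(buf) - 1] = 0;`, and reject right after `va_end(va);` with `if (buf[sizeof(buf) - 1] != 0) return 0;`, which keeps the following `strlen` inside the array. The same applies to the `snprintf` variant in the second hunk, ahead of its `len = strlen(buf);`. The declaration of `buf` and the start of the function are outside the hunk, so this assumes `buf` is a local array, as the `sizeof(buf)` usage suggests.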
@@ -556,11 +557,12 @@
     snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
 	     a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
 #else
+#error "potential buffer overflow: see cert.org VU#142121"
     sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
 	    a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
 #endif
     len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
-    if (len <= 0) return 0;
+    if ( len <= 0 || len > sizeof(buf) ) return 0;
 
     return gzwrite(file, buf, len);
 }
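Review bot: With `#error` placed at the top of the `#else` branch, the unbounded `sprintf(buf, format, a1, ...)` fallback below it can no longer compile, yet it stays in the file (the same holds for `vsprintf` in the first hunk). Someone who hits the build failure is likely to delete the `#error` line, which silently restores the overflow. I would either remove the fallback call or make the message actionable, for example `#error "gzprintf needs snprintf/vsnprintf: provide one and define the matching HAS_ macro (VU#142121)"`. The `#ifdef` that opens this branch is outside the hunk, so the macro name for this variant is not visible here.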
