3 files changed, 12 insertions, 8 deletions

diff --git a/core/include/fxcrt/fx_system.h b/core/include/fxcrt/fx_system.h
index b31a60396b..a875da5f9c 100644
--- a/core/include/fxcrt/fx_system.h
+++ b/core/include/fxcrt/fx_system.h
@@ -139,11 +139,13 @@ typedef FX_UINT64				FX_QWORD;
 #define FX_PI	3.1415926535897932384626433832795f
 #if _FXM_PLATFORM_ == _FXM_PLATFORM_WINDOWS_
 #define FXSYS_snprintf	_snprintf
+#define FXSYS_vsnprintf	_vsnprintf
 #else
 #define FXSYS_snprintf	snprintf
+#define FXSYS_vsnprintf	vsnprintf
 #endif
-#define FXSYS_sprintf	sprintf
-#define FXSYS_vsprintf	vsprintf
+#define FXSYS_sprintf	DO_NOT_USE_SPRINTF_DIE_DIE_DIE
+#define FXSYS_vsprintf	DO_NOT_USE_VSPRINTF_DIE_DIE_DIE
 #define FXSYS_strchr	strchr
 #define FXSYS_strlen	strlen
 #define FXSYS_strncmp	strncmp
diff --git a/core/src/fxcodec/libjpeg/fpdfapi_jerror.c b/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
index 943ced798f..282f889ebd 100644
--- a/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
+++ b/core/src/fxcodec/libjpeg/fpdfapi_jerror.c
@@ -177,9 +177,9 @@ format_message (j_common_ptr cinfo, char * buffer)
 
   /* Format the message into the passed buffer */
   if (isstring)
-    FXSYS_sprintf(buffer, msgtext, err->msg_parm.s);
+    sprintf(buffer, msgtext, err->msg_parm.s);
   else
-    FXSYS_sprintf(buffer, msgtext,
+    sprintf(buffer, msgtext,
 	    err->msg_parm.i[0], err->msg_parm.i[1],
 	    err->msg_parm.i[2], err->msg_parm.i[3],
 	    err->msg_parm.i[4], err->msg_parm.i[5],
diff --git a/core/src/fxcrt/fx_basic_bstring.cpp b/core/src/fxcrt/fx_basic_bstring.cpp
index 5c8a2fa8f3..895c8e560e 100644
--- a/core/src/fxcrt/fx_basic_bstring.cpp
+++ b/core/src/fxcrt/fx_basic_bstring.cpp
@@ -676,10 +676,10 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList)
                     if (nWidth + nPrecision > 100) {
                         nItemLen = nPrecision + nWidth + 128;
                     } else {
-                        double f;
                         char pszTemp[256];
-                        f = va_arg(argList, double);
-                        FXSYS_sprintf(pszTemp, "%*.*f", nWidth, nPrecision + 6, f );
+                        double f = va_arg(argList, double);
+                        memset(pszTemp, 0, sizeof(pszTemp));
+                        FXSYS_snprintf(pszTemp, sizeof(pszTemp) - 1, "%*.*f", nWidth, nPrecision + 6, f);
                         nItemLen = (FX_STRSIZE)FXSYS_strlen(pszTemp);
                     }
                     break;
@@ -697,9 +697,11 @@ void CFX_ByteString::FormatV(FX_LPCSTR lpszFormat, va_list argList)
         }
         nMaxLen += nItemLen;
     }
+    nMaxLen += 32;  // Fudge factor.
     GetBuffer(nMaxLen);
     if (m_pData) {
-        FXSYS_vsprintf(m_pData->m_String, lpszFormat, argListSave);
+        memset(m_pData->m_String, 0, nMaxLen);
+        FXSYS_vsnprintf(m_pData->m_String, nMaxLen - 1, lpszFormat, argListSave);
         ReleaseBuffer();
     }
     va_end(argListSave);