diff -up ghostscript-8.70/base/gsmisc.c.vsnprintf ghostscript-8.70/base/gsmisc.c
--- ghostscript-8.70/base/gsmisc.c.vsnprintf	2008-01-07 18:43:02.000000000 +0000
+++ ghostscript-8.70/base/gsmisc.c	2009-11-24 17:16:38.575250571 +0000
@@ -69,10 +69,10 @@ int outprintf(const gs_memory_t *mem, co
 
     va_start(args, fmt);
 
-    count = vsprintf(buf, fmt, args);
+    count = vsnprintf(buf, sizeof (buf), fmt, args);
     outwrite(mem, buf, count);
-    if (count >= PRINTF_BUF_LENGTH) {
-	count = sprintf(buf, 
+    if (count == -1 || count >= sizeof (buf)) {
+	count = snprintf(buf, sizeof (buf),
 	    "PANIC: printf exceeded %d bytes.  Stack has been corrupted.\n", 
 	    PRINTF_BUF_LENGTH);
 	outwrite(mem, buf, count);
@@ -89,10 +89,10 @@ int errprintf(const char *fmt, ...)
 
     va_start(args, fmt);
 
-    count = vsprintf(buf, fmt, args);
+    count = vsnprintf(buf, sizeof (buf), fmt, args);
     errwrite(buf, count);
-    if (count >= PRINTF_BUF_LENGTH) {
-	count = sprintf(buf, 
+    if (count == -1 || count >= sizeof (buf)) {
+	count = snprintf(buf, sizeof (buf),
 	    "PANIC: printf exceeded %d bytes.  Stack has been corrupted.\n", 
 	    PRINTF_BUF_LENGTH);
 	errwrite(buf, count);
@@ -236,7 +236,7 @@ int gs_throw_imp(const char *func, const
     va_list ap;
 
     va_start(ap, fmt);
-    vsprintf(msg, fmt, ap);
+    vsnprintf(msg, sizeof (msg), fmt, ap);
     msg[sizeof(msg) - 1] = 0;
     va_end(ap);
 
diff -up ghostscript-8.70/base/gxttfb.c.vsnprintf ghostscript-8.70/base/gxttfb.c
--- ghostscript-8.70/base/gxttfb.c.vsnprintf	2009-07-09 06:59:44.000000000 +0100
+++ ghostscript-8.70/base/gxttfb.c	2009-11-24 17:16:38.577250996 +0000
@@ -246,7 +246,7 @@ static int DebugPrint(ttfFont *ttf, cons
 
     if (gs_debug_c('Y')) {
 	va_start(args, fmt);
-	count = vsprintf(buf, fmt, args);
+	count = vsnprintf(buf, sizeof (buf), fmt, args);
 	/* NB: moved debug output from stdout to stderr
 	 */
 	errwrite(buf, count);
diff -up ghostscript-8.70/base/rinkj/rinkj-byte-stream.c.vsnprintf ghostscript-8.70/base/rinkj/rinkj-byte-stream.c
--- ghostscript-8.70/base/rinkj/rinkj-byte-stream.c.vsnprintf	2008-04-04 02:02:16.000000000 +0100
+++ ghostscript-8.70/base/rinkj/rinkj-byte-stream.c	2009-11-24 17:16:38.577250996 +0000
@@ -43,7 +43,7 @@ rinkj_byte_stream_printf (RinkjByteStrea
   va_list ap;
 
   va_start (ap, fmt);
-  len = vsprintf (str, fmt, ap);
+  len = vsnprintf (str, sizeof (str), fmt, ap);
   va_end (ap);
   return rinkj_byte_stream_write (bs, str, len);
 }