This patch was created by oCert according to
 http://www.ocert.org/advisories/ocert-2008-014.html
and can be downloaded from
 http://www.ocert.org/analysis/2008-014/wordnet.patch
Unfortunately the original patch had a problem which
caused 'wordnet test -synsn' to fail.  The critical
part of the patch was removed from the whole patch
set and is moved to 51_overflows_memcpy.patch which
uses memcpy instead of the formerly used strcpy.

Index: wordnet-3.0/lib/binsrch.c
===================================================================
--- wordnet-3.0.orig/lib/binsrch.c	2013-02-19 16:03:01.698031603 +0800
+++ wordnet-3.0/lib/binsrch.c	2013-02-19 16:03:01.686031603 +0800
@@ -28,7 +28,7 @@
     char *linep;
 
     linep = line;
-    line[0] = '0';
+    line[0] = '\0';
 
     fseek( fp, offset, SEEK_SET );
     fgets(linep, LINE_LEN, fp);
@@ -58,6 +58,8 @@
         last_bin_search_offset = ftell( fp );
 	fgets(linep, LINE_LEN, fp);
 	length = (int)(strchr(linep, ' ') - linep);
+	if (length > (sizeof(key) - 1))
+            return(NULL);
 	strncpy(key, linep, length);
 	key[length] = '\0';
 	if(strcmp(key, searchkey) < 0) {
@@ -110,6 +112,8 @@
 	line[length++] =  c;
     if (getc(fp) == EOF) {	/* only 1 line in file */
 	length = (int)(strchr(linep, ' ') - linep);
+	if (length > (sizeof(key) - 1))
+            return(0);
 	strncpy(key, linep, length);
 	key[length] = '\0';
 	if(strcmp(key, searchkey) > 0) {
@@ -132,6 +136,8 @@
 	if (fgets(linep, LINE_LEN, fp) != NULL) {
   	    offset2 = ftell(fp); /* offset at start of next line */
 	    length = (int)(strchr(linep, ' ') - linep);
+	    if (length > (sizeof(key) - 1))
+                return(0);
 	    strncpy(key, linep, length);
 	    key[length] = '\0';
 	    if(strcmp(key, searchkey) < 0) {	/* further in file */
Index: wordnet-3.0/lib/morph.c
===================================================================
--- wordnet-3.0.orig/lib/morph.c	2013-02-19 16:03:01.698031603 +0800
+++ wordnet-3.0/lib/morph.c	2013-02-19 16:06:14.850029761 +0800
@@ -51,21 +51,21 @@
     char *str;
     int strlen;
 } prepositions[NUMPREPS] = {
-    "to", 2,
-    "at", 2,
-    "of", 2,
-    "on", 2,
-    "off", 3,
-    "in", 2,
-    "out", 3,
-    "up", 2,
-    "down", 4,
-    "from", 4,
-    "with", 4,
-    "into", 4,
-    "for", 3,
-    "about", 5,
-    "between", 7,
+    { "to", 2 },
+    { "at", 2 },
+    { "of", 2 },
+    { "on", 2 },
+    { "off", 3 },
+    { "in", 2 },
+    { "out", 3 },
+    { "up", 2 },
+    { "down", 4 },
+    { "from", 4 },
+    { "with", 4 },
+    { "into", 4 },
+    { "for", 3 },
+    { "about", 5 },
+    { "between", 7 }
 };
 
 static FILE *exc_fps[NUMPARTS + 1];
@@ -144,18 +144,19 @@
     } else
 	sprintf(searchdir, DEFAULTPATH);
 #else
-    if ((env = getenv("WNSEARCHDIR")) != NULL)
-	strcpy(searchdir, env);
-    else if ((env = getenv("WNHOME")) != NULL)
-	sprintf(searchdir, "%s%s", env, DICTDIR);
-    else
+    if ((env = getenv("WNSEARCHDIR")) != NULL) {
+	snprintf(searchdir, sizeof(searchdir), "%s", env);
+    } else if ((env = getenv("WNHOME")) != NULL) {
+	snprintf(searchdir, sizeof(searchdir), "%s%s", env, DICTDIR);
+    } else {
 	strcpy(searchdir, DEFAULTPATH);
+    }
 #endif
 
     for (i = 1; i <= NUMPARTS; i++) {
-	sprintf(fname, EXCFILE, searchdir, partnames[i]);
+	snprintf(fname, sizeof(fname), EXCFILE, searchdir, partnames[i]);
 	if ((exc_fps[i] = fopen(fname, "r")) == NULL) {
-	    sprintf(msgbuf,
+	    snprintf(msgbuf, sizeof(msgbuf),
 		    "WordNet library error: Can't open exception file(%s)\n\n",
 		    fname);
 	    display_message(msgbuf);
@@ -178,13 +179,16 @@
     int prep;
     char *end_idx1, *end_idx2;
     char *append;
-    
+
     if (pos == SATELLITE)
 	pos = ADJ;
 
     /* First time through for this string */
 
     if (origstr != NULL) {
+        if (strlen(origstr) > WORDBUF - 1)
+            return(NULL);
+
 	/* Assume string hasn't had spaces substitued with '_' */
 	strtolower(strsubst(strcpy(str, origstr), ' ', '_'));
 	searchstr[0] = '\0';
@@ -232,7 +236,7 @@
 		if (end_idx < 0) return(NULL);		/* shouldn't do this */
 		strncpy(word, str + st_idx, end_idx - st_idx);
 		word[end_idx - st_idx] = '\0';
-		if(tmp = morphword(word, pos))
+		if ((tmp = morphword(word, pos)) != NULL)
 		    strcat(searchstr,tmp);
 		else
 		    strcat(searchstr,word);
@@ -240,7 +244,7 @@
 		st_idx = end_idx + 1;
 	    }
 	    
-	    if(tmp = morphword(strcpy(word, str + st_idx), pos)) 
+	    if ((tmp = morphword(strcpy(word, str + st_idx), pos)) != NULL)
 		strcat(searchstr,tmp);
 	    else
 		strcat(searchstr,word);
@@ -270,16 +274,15 @@
 {
     int offset, cnt;
     int i;
-    static char retval[WORDBUF];
-    char *tmp, tmpbuf[WORDBUF], *end;
-    
-    sprintf(retval,"");
-    sprintf(tmpbuf, "");
-    end = "";
-    
+    static char retval[WORDBUF] = "";
+    char *tmp, tmpbuf[WORDBUF] = "", *end = "";
+
     if(word == NULL) 
 	return(NULL);
 
+    if (strlen(word) > WORDBUF - 1)
+        return(NULL);
+
     /* first look for word on exception list */
     
     if((tmp = exc_lookup(word, pos)) != NULL)
@@ -335,7 +338,10 @@
 {
     char *pt1;
     static char copy[WORDBUF];
-    
+
+    if (strlen(word) > WORDBUF - 1)
+        return(NULL);
+
     strcpy(copy, word);
     if(strend(copy,sufx[ender])) {
 	pt1=strchr(copy,'\0');
@@ -368,13 +374,14 @@
 {
     static char line[WORDBUF], *beglp, *endlp;
     char *excline;
-    int found = 0;
 
     if (exc_fps[pos] == NULL)
 	return(NULL);
 
     /* first time through load line from exception file */
     if(word != NULL){
+        if (strlen(word) > WORDBUF - 1)
+           return(NULL);
 	if ((excline = bin_search(word, exc_fps[pos])) != NULL) {
 	    strcpy(line, excline);
 	    endlp = strchr(line,' ');
@@ -403,6 +410,9 @@
     char word[WORDBUF], end[WORDBUF];
     static char retval[WORDBUF];
 
+    if (strlen(s) > WORDBUF - 1)
+        return (NULL);
+
     /* Assume that the verb is the first word in the phrase.  Strip it
        off, check for validity, then try various morphs with the
        rest of the phrase tacked on, trying to find a match. */
@@ -410,7 +420,7 @@
     rest = strchr(s, '_');
     last = strrchr(s, '_');
     if (rest != last) {		/* more than 2 words */
-	if (lastwd = morphword(last + 1, NOUN)) {
+	if ((lastwd = morphword(last + 1, NOUN)) != NULL) {
 	    strncpy(end, rest, last - rest + 1);
 	    end[last-rest+1] = '\0';
 	    strcat(end, lastwd);
Index: wordnet-3.0/lib/search.c
===================================================================
--- wordnet-3.0.orig/lib/search.c	2013-02-19 16:03:01.698031603 +0800
+++ wordnet-3.0/lib/search.c	2013-02-19 16:03:01.690031603 +0800
@@ -13,6 +13,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <assert.h>
+#include <limits.h>
 
 #include "wn.h"
 
@@ -119,33 +120,22 @@
     if ( !line )
       line = read_index( offset, indexfps[dbase] );
     
-    idx = (IndexPtr)malloc(sizeof(Index));
+    idx = (IndexPtr)calloc(1, sizeof(Index));
     assert(idx);
 
     /* set offset of entry in index file */
     idx->idxoffset = offset;
     
-    idx->wd='\0';
-    idx->pos='\0';
-    idx->off_cnt=0;
-    idx->tagged_cnt = 0;
-    idx->sense_cnt=0;
-    idx->offset='\0';
-    idx->ptruse_cnt=0;
-    idx->ptruse='\0';
-    
     /* get the word */
     ptrtok=strtok(line," \n");
     
-    idx->wd = malloc(strlen(ptrtok) + 1);
+    idx->wd = strdup(ptrtok);
     assert(idx->wd);
-    strcpy(idx->wd, ptrtok);
     
     /* get the part of speech */
     ptrtok=strtok(NULL," \n");
-    idx->pos = malloc(strlen(ptrtok) + 1);
+    idx->pos = strdup(ptrtok);
     assert(idx->pos);
-    strcpy(idx->pos, ptrtok);
     
     /* get the collins count */
     ptrtok=strtok(NULL," \n");
@@ -154,7 +144,12 @@
     /* get the number of pointers types */
     ptrtok=strtok(NULL," \n");
     idx->ptruse_cnt = atoi(ptrtok);
-    
+
+    if (idx->ptruse_cnt < 0 || (unsigned int)idx->ptruse_cnt > UINT_MAX/sizeof(int)) {
+        free_index(idx);
+        return(NULL);
+    }
+
     if (idx->ptruse_cnt) {
 	idx->ptruse = (int *) malloc(idx->ptruse_cnt * (sizeof(int)));
 	assert(idx->ptruse);
@@ -173,9 +168,14 @@
     /* get the number of senses that are tagged */
     ptrtok=strtok(NULL," \n");
     idx->tagged_cnt = atoi(ptrtok);
-        
+
+    if (idx->off_cnt < 0 || (unsigned long)idx->off_cnt > ULONG_MAX/sizeof(long)) {
+        free_index(idx);
+        return(NULL);
+    }
+
     /* make space for the offsets */
-    idx->offset = (long *) malloc(idx->off_cnt * (sizeof(long)));
+    idx->offset = (unsigned long *) malloc(idx->off_cnt * sizeof(long));
     assert(idx->offset);
     
     /* get the offsets */
@@ -197,15 +197,21 @@
     char strings[MAX_FORMS][WORDBUF]; /* vector of search strings */
     static IndexPtr offsets[MAX_FORMS];
     static int offset;
-    
+
     /* This works like strrok(): if passed with a non-null string,
        prepare vector of search strings and offsets.  If string
        is null, look at current list of offsets and return next
        one, or NULL if no more alternatives for this word. */
 
     if (searchstr != NULL) {
+        /* Bail out if the input is too long for us to handle */
+        if (strlen(searchstr) > (WORDBUF - 1)) {
+            strcpy(msgbuf, "WordNet library error: search term is too long\n");
+                   display_message(msgbuf);
+            return(NULL);
+        }
 
-	offset = 0;
+    	offset = 0;
 	strtolower(searchstr);
 	for (i = 0; i < MAX_FORMS; i++) {
 	    strcpy(strings[i], searchstr);
@@ -229,11 +235,11 @@
 	/* Get offset of first entry.  Then eliminate duplicates
 	   and get offsets of unique strings. */
 
-	if (strings[0][0] != NULL)
+	if (strings[0] != NULL)
 	    offsets[0] = index_lookup(strings[0], dbase);
 
 	for (i = 1; i < MAX_FORMS; i++)
-	    if ((strings[i][0]) != NULL && (strcmp(strings[0], strings[i])))
+	    if (strings[i] != NULL && (strcmp(strings[0], strings[i])))
 		offsets[i] = index_lookup(strings[i], dbase);
     }
 
@@ -272,7 +278,7 @@
 SynsetPtr parse_synset(FILE *fp, int dbase, char *word)
 {
     static char line[LINEBUF];
-    char tbuf[SMLINEBUF];
+    char tbuf[SMLINEBUF] = "";
     char *ptrtok;
     char *tmpptr;
     int foundpert = 0;
@@ -286,33 +292,11 @@
     if ((tmpptr = fgets(line, LINEBUF, fp)) == NULL)
 	return(NULL);
     
-    synptr = (SynsetPtr)malloc(sizeof(Synset));
+    synptr = (SynsetPtr)calloc(1, sizeof(Synset));
     assert(synptr);
-    
-    synptr->hereiam = 0;
+
     synptr->sstype = DONT_KNOW;
-    synptr->fnum = 0;
-    synptr->pos = '\0';
-    synptr->wcount = 0;
-    synptr->words = '\0';
-    synptr->whichword = 0;
-    synptr->ptrcount = 0;
-    synptr->ptrtyp = '\0';
-    synptr->ptroff = '\0';
-    synptr->ppos = '\0';
-    synptr->pto = '\0';
-    synptr->pfrm = '\0';
-    synptr->fcount = 0;
-    synptr->frmid = '\0';
-    synptr->frmto = '\0';
-    synptr->defn = '\0';
-    synptr->key = 0;
-    synptr->nextss = NULL;
-    synptr->nextform = NULL;
     synptr->searchtype = -1;
-    synptr->ptrlist = NULL;
-    synptr->headword = NULL;
-    synptr->headsense = 0;
 
     ptrtok = line;
     
@@ -322,7 +306,7 @@
 
     /* sanity check - make sure starting file offset matches first field */
     if (synptr->hereiam != loc) {
-	sprintf(msgbuf, "WordNet library error: no synset at location %d\n",
+	sprintf(msgbuf, "WordNet library error: no synset at location %ld\n",
 		loc);
 	display_message(msgbuf);
 	free(synptr);
@@ -335,16 +319,20 @@
     
     /* looking at POS */
     ptrtok = strtok(NULL, " \n");
-    synptr->pos = malloc(strlen(ptrtok) + 1);
+    synptr->pos = strdup(ptrtok);
     assert(synptr->pos);
-    strcpy(synptr->pos, ptrtok);
     if (getsstype(synptr->pos) == SATELLITE)
 	synptr->sstype = INDIRECT_ANT;
     
     /* looking at numwords */
     ptrtok = strtok(NULL, " \n");
     synptr->wcount = strtol(ptrtok, NULL, 16);
-    
+
+    if (synptr->wcount < 0 || (unsigned int)synptr->wcount > UINT_MAX/sizeof(char *)) {
+        free_syns(synptr);
+        return(NULL);
+    }
+
     synptr->words = (char **)malloc(synptr->wcount  * sizeof(char *));
     assert(synptr->words);
     synptr->wnsns = (int *)malloc(synptr->wcount * sizeof(int));
@@ -354,9 +342,8 @@
     
     for (i = 0; i < synptr->wcount; i++) {
 	ptrtok = strtok(NULL, " \n");
-	synptr->words[i] = malloc(strlen(ptrtok) + 1);
+	synptr->words[i] = strdup(ptrtok);
 	assert(synptr->words[i]);
-	strcpy(synptr->words[i], ptrtok);
 	
 	/* is this the word we're looking for? */
 	
@@ -371,6 +358,12 @@
     ptrtok = strtok(NULL," \n");
     synptr->ptrcount = atoi(ptrtok);
 
+    /* Should we check for long here as well? */
+    if (synptr->ptrcount < 0 || (unsigned int)synptr->ptrcount > UINT_MAX/sizeof(int)) {
+        free_syns(synptr);
+        return(NULL);
+    }
+
     if (synptr->ptrcount) {
 
 	/* alloc storage for the pointers */
@@ -455,21 +448,23 @@
     ptrtok = strtok(NULL," \n");
     if (ptrtok) {
 	ptrtok = strtok(NULL," \n");
-	sprintf(tbuf, "");
 	while (ptrtok != NULL) {
+	    if (strlen(ptrtok) + strlen(tbuf) + 1 + 1 > sizeof(tbuf)) {
+                free_syns(synptr);
+                return(NULL);
+	    }
 	    strcat(tbuf,ptrtok);
 	    ptrtok = strtok(NULL, " \n");
 	    if(ptrtok)
 		strcat(tbuf," ");
 	}
-	assert((1 + strlen(tbuf)) < sizeof(tbuf));
-	synptr->defn = malloc(strlen(tbuf) + 4);
+	synptr->defn = malloc(strlen(tbuf) + 3);
 	assert(synptr->defn);
 	sprintf(synptr->defn,"(%s)",tbuf);
     }
 
     if (keyindexfp) { 		/* we have unique keys */
-	sprintf(tmpbuf, "%c:%8.8d", partchars[dbase], synptr->hereiam);
+	sprintf(tmpbuf, "%c:%8.8ld", partchars[dbase], synptr->hereiam);
 	synptr->key = GetKeyForOffset(tmpbuf);
     }
 
@@ -635,7 +630,7 @@
 
 	    if ((ptrtyp == PERTPTR || ptrtyp == PPLPTR) &&
 		synptr->pto[i] != 0) {
-		sprintf(tbuf, " (Sense %d)\n",
+		snprintf(tbuf, sizeof(tbuf), " (Sense %d)\n",
 			cursyn->wnsns[synptr->pto[i] - 1]);
 		printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],
 			    SKIP_ANTS, PRINT_MARKER);
@@ -656,7 +651,7 @@
 		    traceptrs(cursyn, HYPERPTR, getpos(cursyn->pos), 0);
 		}
 	    } else if (ptrtyp == ANTPTR && dbase != ADJ && synptr->pto[i] != 0) {
-		sprintf(tbuf, " (Sense %d)\n",
+		snprintf(tbuf, sizeof(tbuf), " (Sense %d)\n",
 			cursyn->wnsns[synptr->pto[i] - 1]);
 		printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],
 			    SKIP_ANTS, PRINT_MARKER);
@@ -817,7 +812,7 @@
 	    	    
 	    cursyn = read_synset(synptr->ppos[i], synptr->ptroff[i], "");
 
-	    sprintf(tbuf, "#%d\n",
+	    snprintf(tbuf, sizeof(tbuf), "#%d\n",
 		    cursyn->wnsns[synptr->pto[i] - 1]);
 	    printsynset(prefix, cursyn, tbuf, DEFOFF, synptr->pto[i],
 			SKIP_ANTS, SKIP_MARKER);
@@ -989,12 +984,12 @@
     char sentbuf[512];
     
     if (vsentfilefp != NULL) {
-	if (line = bin_search(offset, vsentfilefp)) {
+	if ((line = bin_search(offset, vsentfilefp)) != NULL) {
 	    while(*line != ' ') 
 		line++;
 
 	    printbuffer("          EX: ");
-	    sprintf(sentbuf, line, wd);
+	    snprintf(sentbuf, sizeof(sentbuf), line, wd);
 	    printbuffer(sentbuf);
 	}
     }
@@ -1011,7 +1006,7 @@
     if (vidxfilefp != NULL) {
 	wdnum = synptr->whichword - 1;
 
-	sprintf(tbuf,"%s%%%-1.1d:%-2.2d:%-2.2d::",
+	snprintf(tbuf, sizeof(tbuf), "%s%%%-1.1d:%-2.2d:%-2.2d::",
 		synptr->words[wdnum],
 		getpos(synptr->pos),
 		synptr->fnum,
@@ -1124,7 +1119,7 @@
 	if (cnt >= 17 && cnt <= 32) familiar = 6;
 	if (cnt > 32 ) familiar = 7;
 	
-	sprintf(tmpbuf,
+	snprintf(tmpbuf, sizeof(tmpbuf),
 		"\n%s used as %s is %s (polysemy count = %d)\n",
 		index->wd, a_an[getpos(index->pos)], freqcats[familiar], cnt);
 	printbuffer(tmpbuf);
@@ -1147,6 +1142,9 @@
    }
    rewind(inputfile);
 
+   if (strlen(word_passed) + 1 > sizeof(word))
+       return;
+
    strcpy (word, word_passed);
    ToLowerCase(word);		/* map to lower case for index file search */
    strsubst (word, ' ', '_');	/* replace spaces with underscores */
@@ -1169,7 +1167,7 @@
             ((line[loc + wordlen] == '-') || (line[loc + wordlen] == '_')))
          ) {
             strsubst (line, '_', ' ');
-            sprintf (tmpbuf, "%s\n", line);
+            snprintf (tmpbuf, sizeof(tmpbuf), "%s\n", line);
             printbuffer (tmpbuf);
             break;
          }
@@ -1683,9 +1681,8 @@
 		cursyn = read_synset(synptr->ppos[i],
 				      synptr->ptroff[i],
 				      "");
-		synptr->headword = malloc(strlen(cursyn->words[0]) + 1);
+		synptr->headword = strdup(cursyn->words[0]);
 		assert(synptr->headword);
-		strcpy(synptr->headword, cursyn->words[0]);
 		synptr->headsense = cursyn->lexid[0];
 		free_synset(cursyn);
 		break;
@@ -2013,7 +2010,7 @@
     strsubst(strcpy(wdbuf, synptr->words[whichword - 1]), ' ', '_');
     strtolower(wdbuf);
 		       
-    if (idx = index_lookup(wdbuf, getpos(synptr->pos))) {
+    if ((idx = index_lookup(wdbuf, getpos(synptr->pos))) != NULL) {
 	for (i = 0; i < idx->off_cnt; i++)
 	    if (idx->offset[i] == synptr->hereiam) {
 		free_index(idx);
@@ -2037,7 +2034,7 @@
        by flags */
 
     if (offsetflag)		/* print synset offset */
-	sprintf(tbuf + strlen(tbuf),"{%8.8d} ", synptr->hereiam);
+	sprintf(tbuf + strlen(tbuf),"{%8.8ld} ", synptr->hereiam);
     if (fileinfoflag) {		/* print lexicographer file information */
 	sprintf(tbuf + strlen(tbuf), "<%s> ", lexfiles[synptr->fnum]);
 	prlexid = 1;		/* print lexicographer id after word */
@@ -2072,7 +2069,7 @@
     tbuf[0] = '\0';
 
     if (offsetflag)
-	sprintf(tbuf,"{%8.8d} ", synptr->hereiam);
+	sprintf(tbuf,"{%8.8ld} ", synptr->hereiam);
     if (fileinfoflag) {
 	sprintf(tbuf + strlen(tbuf),"<%s> ", lexfiles[synptr->fnum]);
 	prlexid = 1;
Index: wordnet-3.0/lib/wnutil.c
===================================================================
--- wordnet-3.0.orig/lib/wnutil.c	2013-02-19 16:03:01.698031603 +0800
+++ wordnet-3.0/lib/wnutil.c	2013-02-19 16:03:01.690031603 +0800
@@ -48,7 +48,7 @@
     char *env;
 
     if (!done) {
-	if (env = getenv("WNDBVERSION")) {
+	if ((env = getenv("WNDBVERSION")) != NULL) {
 	    wnrelease = strdup(env);	/* set release */
 	    assert(wnrelease);
 	}
@@ -70,7 +70,7 @@
 
     closefps();
 
-    if (env = getenv("WNDBVERSION")) {
+    if ((env = getenv("WNDBVERSION")) != NULL) {
 	wnrelease = strdup(env);	/* set release */
 	assert(wnrelease);
     }
@@ -149,25 +149,25 @@
 	sprintf(searchdir, DEFAULTPATH);
 #else
     if ((env = getenv("WNSEARCHDIR")) != NULL)
-	strcpy(searchdir, env);
+	snprintf(searchdir, sizeof(searchdir), "%s", env);
     else if ((env = getenv("WNHOME")) != NULL)
-	sprintf(searchdir, "%s%s", env, DICTDIR);
+	snprintf(searchdir, sizeof(searchdir), "%s%s", env, DICTDIR);
     else
 	strcpy(searchdir, DEFAULTPATH);
 #endif
 
     for (i = 1; i < NUMPARTS + 1; i++) {
-	sprintf(tmpbuf, DATAFILE, searchdir, partnames[i]);
+	snprintf(tmpbuf, sizeof(tmpbuf), DATAFILE, searchdir, partnames[i]);
 	if((datafps[i] = fopen(tmpbuf, "r")) == NULL) {
-	    sprintf(msgbuf,
+	    snprintf(msgbuf, sizeof(msgbuf),
 		    "WordNet library error: Can't open datafile(%s)\n",
 		    tmpbuf);
 	    display_message(msgbuf);
 	    openerr = -1;
 	}
-	sprintf(tmpbuf, INDEXFILE, searchdir, partnames[i]);
+	snprintf(tmpbuf, sizeof(tmpbuf), INDEXFILE, searchdir, partnames[i]);
 	if((indexfps[i] = fopen(tmpbuf, "r")) == NULL) {
-	    sprintf(msgbuf,
+	    snprintf(msgbuf, sizeof(msgbuf),
 		    "WordNet library error: Can't open indexfile(%s)\n",
 		    tmpbuf);
 	    display_message(msgbuf);
@@ -178,35 +178,35 @@
     /* This file isn't used by the library and doesn't have to
        be present.  No error is reported if the open fails. */
 
-    sprintf(tmpbuf, SENSEIDXFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), SENSEIDXFILE, searchdir);
     sensefp = fopen(tmpbuf, "r");
 
     /* If this file isn't present, the runtime code will skip printint out
        the number of times each sense was tagged. */
 
-    sprintf(tmpbuf, CNTLISTFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), CNTLISTFILE, searchdir);
     cntlistfp = fopen(tmpbuf, "r");
 
     /* This file doesn't have to be present.  No error is reported if the
        open fails. */
 
-    sprintf(tmpbuf, KEYIDXFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), KEYIDXFILE, searchdir);
     keyindexfp = fopen(tmpbuf, "r");
 
-    sprintf(tmpbuf, REVKEYIDXFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), REVKEYIDXFILE, searchdir);
     revkeyindexfp = fopen(tmpbuf, "r");
 
-    sprintf(tmpbuf, VRBSENTFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), VRBSENTFILE, searchdir);
     if ((vsentfilefp = fopen(tmpbuf, "r")) == NULL) {
-	sprintf(msgbuf,
+	snprintf(msgbuf, sizeof(msgbuf),
 "WordNet library warning: Can't open verb example sentence file(%s)\n",
 		tmpbuf);
 	display_message(msgbuf);
     }
 
-    sprintf(tmpbuf, VRBIDXFILE, searchdir);
+    snprintf(tmpbuf, sizeof(tmpbuf), VRBIDXFILE, searchdir);
     if ((vidxfilefp = fopen(tmpbuf, "r")) == NULL) {
-	sprintf(msgbuf,
+	snprintf(msgbuf, sizeof(msgbuf),
 "WordNet library warning: Can't open verb example sentence index file(%s)\n",
 		tmpbuf);
 	display_message(msgbuf);
Index: wordnet-3.0/src/wn.c
===================================================================
--- wordnet-3.0.orig/src/wn.c	2013-02-19 16:03:01.698031603 +0800
+++ wordnet-3.0/src/wn.c	2013-02-19 16:03:01.690031603 +0800
@@ -131,7 +131,7 @@
        printsearches(char *, int, unsigned long);
 static int error_message(char *);
 
-main(int argc,char *argv[])
+int main(int argc,char *argv[])
 {
     display_message = error_message;
     
@@ -228,14 +228,14 @@
 	printf("\n%s of %s %s\n%s",
 	       label, partnames[pos], searchword, outbuf);
 
-    if (morphword = morphstr(searchword, pos))
+    if ((morphword = morphstr(searchword, pos)) != NULL)
 	do {
 	    outbuf = findtheinfo(morphword, pos, search, whichsense);
 	    totsenses += wnresults.printcnt;
 	    if (strlen(outbuf) > 0) 
 		printf("\n%s of %s %s\n%s",
 		       label, partnames[pos], morphword, outbuf);
-	} while (morphword = morphstr(NULL, pos));
+	} while ((morphword = morphstr(NULL, pos)) != NULL);
 
     return(totsenses);
 }
