diff -ru libzip-0.11.1.orig/lib/zip_close.c libzip-0.11.1/lib/zip_close.c --- libzip-0.11.1.orig/lib/zip_close.c 2013-08-08 11:01:26.000000000 +0200 +++ libzip-0.11.1/lib/zip_close.c 2013-08-08 11:03:07.000000000 +0200 @@ -596,18 +596,22 @@ FILE *tfp; if (za->tempdir) { - if ((temp=(char *)malloc(strlen(za->tempdir)+13)) == NULL) { + int len = strlen(za->tempdir)+13; + + if ((temp=(char *)malloc(len)) == NULL) { _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); return NULL; } - sprintf(temp, "%s/.zip.XXXXXX", za->tempdir); + snprintf(temp, len, "%s/.zip.XXXXXX", za->tempdir); } else { - if ((temp=(char *)malloc(strlen(za->zn)+8)) == NULL) { + int len = strlen(za->zn)+8; + + if ((temp=(char *)malloc(len)) == NULL) { _zip_error_set(&za->error, ZIP_ER_MEMORY, 0); return NULL; } - sprintf(temp, "%s.XXXXXX", za->zn); + snprintf(temp, len, "%s.XXXXXX", za->zn); } if ((tfd=mkstemp(temp)) == -1) { --- libzip-0.11.1.orig/lib/zip.h 2013-08-08 11:01:26.000000000 +0200 +++ libzip-0.11.1/lib/zip.h 2013-08-08 11:19:57.000000000 +0200 @@ -62,6 +62,8 @@ #define ZIP_EXCL 2 #define ZIP_CHECKCONS 4 #define ZIP_TRUNCATE 8 +/* PHP use this name, same behavior */ +#define ZIP_OVERWRITE 8 /* flags for zip_name_locate, zip_fopen, zip_stat, ... */