diff -urN trr19-1.0beta5.orig/trr_format.c trr19-1.0beta5/trr_format.c
--- trr19-1.0beta5.orig/trr_format.c	2006-12-22 02:58:26.000000000 +0100
+++ trr19-1.0beta5/trr_format.c	2006-12-22 02:56:12.000000000 +0100
@@ -54,6 +54,11 @@
   signal(SIGTERM, SIG_IGN);
 
   strcpy(textfile, TEXT_DIR);
+  if (argc < 2 || (strlen (TEXT_DIR) + strlen (argv[1])) >= 256){
+    fprintf (stderr, "%s: %s\n", argv[0], strerror (EINVAL));
+    exit(1);
+  }
+
   strcat(textfile, argv[1]);
   strcpy(formattedfile, textfile);
   strcat(formattedfile, ".formed");
diff -urN trr19-1.0beta5.orig/trr_update.c trr19-1.0beta5/trr_update.c
--- trr19-1.0beta5.orig/trr_update.c	1996-07-03 06:52:08.000000000 +0200
+++ trr19-1.0beta5/trr_update.c	2006-12-22 18:12:52.000000000 +0100
@@ -74,6 +74,11 @@
   }
 
   /* upfate high score file */
+  if (argc != 7 || (strlen (argv[1]) + strlen (".lock")) >= 256){
+    fprintf (stderr, "%s: %s\n", argv[0], strerror (EINVAL));
+    exit(1);
+  }
+
   strcat(scorefile, argv[1]);
   strcpy(lockfile, scorefile);
   strcat(lockfile, ".lock");