Index: qemud/conf.c
===================================================================
RCS file: /data/cvs/libvirt/qemud/conf.c,v
retrieving revision 1.43
diff -u -p -r1.43 conf.c
--- qemud/conf.c	16 Mar 2007 15:03:21 -0000	1.43
+++ qemud/conf.c	20 Mar 2007 16:23:54 -0000
@@ -1301,13 +1301,14 @@ int qemudBuildCommandLine(struct qemud_s
     } else {
         int vlan = 0;
         while (net) {
-            char nic[3+1+7+1+17+1];
+            char nic[100];
 
-            sprintf(nic, "nic,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d",
-                    net->mac[0], net->mac[1],
-                    net->mac[2], net->mac[3],
-                    net->mac[4], net->mac[5],
-                    vlan);
+            if (snprintf(nic, sizeof(nic), "nic,macaddr=%02x:%02x:%02x:%02x:%02x:%02x,vlan=%d",
+                         net->mac[0], net->mac[1],
+                         net->mac[2], net->mac[3],
+                         net->mac[4], net->mac[5],
+                         vlan) >= sizeof(nic))
+                goto error;
 
             if (!((*argv)[++n] = strdup("-net")))
                 goto no_memory;