diff -u regex.orig/regerror.c regex/regerror.c
--- regex.orig/regerror.c	2011-08-09 19:49:30.000000000 +0800
+++ regex/regerror.c	2011-08-12 10:45:57.000000000 +0800
@@ -8,6 +8,7 @@
 #include "regex.h"
 #include "utils.h"
 #include "regerror.ih"
+#include "php.h"
 
 /*
  = #define	REG_OKAY	 0
@@ -74,17 +75,19 @@
 	char convbuf[50];
 
 	if (errcode == REG_ATOI)
-		s = regatoi(preg, convbuf);
+		s = regatoi(preg, convbuf, sizeof(convbuf));
 	else {
 		for (r = rerrs; r->code >= 0; r++)
 			if (r->code == target)
 				break;
 	
 		if (errcode&REG_ITOA) {
-			if (r->code >= 0)
-				(void) strcpy(convbuf, r->name);
-			else
-				sprintf(convbuf, "REG_0x%x", target);
+			if (r->code >= 0) {
+				(void) strncpy(convbuf, r->name, sizeof(convbuf) - 1);
+				convbuf[sizeof(convbuf) - 1] = '\0';
+			} else {
+				snprintf(convbuf, sizeof(convbuf), "REG_0x%x", target);
+			}
 			assert(strlen(convbuf) < sizeof(convbuf));
 			s = convbuf;
 		} else
@@ -106,12 +109,13 @@
 
 /*
  - regatoi - internal routine to implement REG_ATOI
- == static char *regatoi(const regex_t *preg, char *localbuf);
+ == static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
  */
 static char *
-regatoi(preg, localbuf)
+regatoi(preg, localbuf, bufsize)
 const regex_t *preg;
 char *localbuf;
+int bufsize;
 {
 	register const struct rerr *r;
 
@@ -121,6 +125,6 @@
 	if (r->code < 0)
 		return("0");
 
-	sprintf(localbuf, "%d", r->code);
+	snprintf(localbuf, bufsize, "%d", r->code);
 	return(localbuf);
 }
diff -u regex.orig/regerror.ih regex/regerror.ih
--- regex.orig/regerror.ih	2011-08-09 19:49:00.000000000 +0800
+++ regex/regerror.ih	2011-08-09 19:41:07.000000000 +0800
@@ -4,7 +4,7 @@
 #endif
 
 /* === regerror.c === */
-static char *regatoi(const regex_t *preg, char *localbuf);
+static char *regatoi(const regex_t *preg, char *localbuf, int bufsize);
 
 #ifdef __cplusplus
 }