Index: trunk/i386/boot2/drivers.c =================================================================== --- trunk/i386/boot2/drivers.c (revision 2620) +++ trunk/i386/boot2/drivers.c (revision 2621) @@ -203,7 +203,7 @@ } // Next try to load Extra extensions from the selected root partition. - strcpy(dirSpecExtra, "/Extra/"); + strlcpy(dirSpecExtra, "/Extra/", sizeof(dirSpecExtra)); if (FileLoadDrivers(dirSpecExtra, 0) != 0) { // If failed, then try to load Extra extensions from the boot partition @@ -215,7 +215,7 @@ sprintf(dirSpecExtra, "bt(0,0)/Extra/%s/", &gMacOSVersion); if (FileLoadDrivers(dirSpecExtra, 0) != 0) { // Next we'll try the base - strcpy(dirSpecExtra, "bt(0,0)/Extra/"); + strlcpy(dirSpecExtra, "bt(0,0)/Extra/", sizeof(dirSpecExtra)); FileLoadDrivers(dirSpecExtra, 0); } } @@ -228,12 +228,15 @@ // The /Extra code is not disabled in this case due to a kernel patch that allows for this to happen. // Also try to load Extensions from boot helper partitions. - if (gBootVolume->flags & kBVFlagBooter) { - strcpy(dirSpecExtra, "/com.apple.boot.P/System/Library/"); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) { - strcpy(dirSpecExtra, "/com.apple.boot.R/System/Library/"); - if (FileLoadDrivers(dirSpecExtra, 0) != 0) { - strcpy(dirSpecExtra, "/com.apple.boot.S/System/Library/"); + if (gBootVolume->flags & kBVFlagBooter) + { + strlcpy(dirSpecExtra, "/com.apple.boot.P/System/Library/", sizeof(dirSpecExtra)); + if (FileLoadDrivers(dirSpecExtra, 0) != 0) + { + strlcpy(dirSpecExtra, "/com.apple.boot.R/System/Library/", sizeof(dirSpecExtra)); + if (FileLoadDrivers(dirSpecExtra, 0) != 0) + { + strlcpy(dirSpecExtra, "/com.apple.boot.S/System/Library/", sizeof(dirSpecExtra)); FileLoadDrivers(dirSpecExtra, 0); } } @@ -352,7 +355,7 @@ // Make sure this is a kext. length = strlen(name); - if (strcmp(name + length - 5, ".kext")) + if (strncmp(name + length - 5, ".kext", 5)) { continue; } 
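Review bot: `sizeof(dirSpecExtra)` is the correct bound only if `dirSpecExtra` is a character array declared in the enclosing function; its declaration is outside this hunk (drivers.c, -203). If it is a `char *`, the expression yields the pointer size and each of these copies is cut to a few bytes. The hunks at -215 and -228 use the same expression, so confirm it once against the declaration, or share one named capacity constant between the declaration and the calls. The enclosing function starts and ends outside the hunk.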
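Review bot: The context line `sprintf(dirSpecExtra, "bt(0,0)/Extra/%s/", &gMacOSVersion);` in the hunk at -215 is left unbounded, although it is the only visible write to `dirSpecExtra` whose length is not fixed at compile time. The literal copies around it were converted, but this one was not. I would change it to `snprintf(dirSpecExtra, sizeof(dirSpecExtra), "bt(0,0)/Extra/%s/", &gMacOSVersion);`, matching the `snprintf(segName, sizeof(segName), ...)` call already in this file. Passing `&gMacOSVersion` to `%s` also relies on that object being a NUL-terminated character array, and its declaration is not visible here.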
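Review bot: In the hunk at -352, `name + length - 5` is still formed without checking `length`, so an entry name shorter than five characters makes `strncmp` read before the start of `name`. Switching from `strcmp` to `strncmp(..., 5)` does not change that, because the literal is exactly five characters long and the result is the same. Unless a check outside the hunk already guarantees the length, the test should be `if (length < 5 || strncmp(name + length - 5, ".kext", 5))`. The surrounding loop body continues outside the hunk.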
@@ -514,7 +517,7 @@ if (tmpExecutablePath == 0) { break; } - strcpy(tmpExecutablePath, gFileSpec); + strlcpy(tmpExecutablePath, gFileSpec, executablePathLength); if(name) { @@ -532,7 +535,7 @@ break; } - strcpy(tmpBundlePath, gFileSpec); + strlcpy(tmpBundlePath, gFileSpec, bundlePathLength); // Construct the file spec to the plist, then load it. @@ -546,16 +549,20 @@ } length = LoadFile(gFileSpec); + if (length == -1) { break; } + length = length + 1; buffer = malloc(length); + if (buffer == 0) { break; } + strlcpy(buffer, (char *)kLoadAddr, length); // Parse the plist. @@ -708,12 +715,12 @@ driver->bundlePathLength = module->bundlePathLength; // Save the plist, module and bundle. - strcpy(driver->plistAddr, module->plistAddr); + strlcpy(driver->plistAddr, module->plistAddr,driver->plistLength); if (length != 0) { memcpy(driver->executableAddr, executableAddr, length); } - strcpy(driver->bundlePathAddr, module->bundlePath); + strlcpy(driver->bundlePathAddr, module->bundlePath, module->bundlePathLength); // Add an entry to the memory map. snprintf(segName, sizeof(segName), "Driver-%lx", (unsigned long)driver); Index: trunk/i386/boot2/gui.c =================================================================== --- trunk/i386/boot2/gui.c (revision 2620) +++ trunk/i386/boot2/gui.c (revision 2621) @@ -265,8 +265,10 @@ static int getImageIndexByName(const char *name) { int i; - for (i = 0; i < sizeof(images) / sizeof(images[0]); i++) { - if (strcmp(name, images[i].name) == 0) { + for (i = 0; i < sizeof(images) / sizeof(images[0]); i++) + { + if (strncmp(name, images[i].name, sizeof(images[i].name)) == 0) + { return i; // found the name } } 
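Review bot: The second copy in the drivers.c hunk at -708 is bounded by the source's field, `module->bundlePathLength`, rather than the destination's. The two are equal only because of the assignment `driver->bundlePathLength = module->bundlePathLength;` just above, and the first copy already uses `driver->plistLength`. I would write `strlcpy(driver->bundlePathAddr, module->bundlePath, driver->bundlePathLength);` so the bound always describes the buffer being written. Both calls also assume the length fields count the terminating NUL; if they hold plain `strlen` values, `strlcpy` silently drops the last character, and the code that sets them is outside the hunk.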
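Review bot: `sizeof(images[i].name)` in the gui.c hunk at -265 equals the buffer length only if the `name` member is a character array. If it is declared as a `char *` (the struct definitions are not in this diff), `sizeof` is the pointer size and `strncmp` compares only the first few bytes, so names sharing a short prefix would match the wrong entry. The hunk at -284 has the same pattern with `embeddedImages[compareIndex].name`, where a shortened comparison would also disagree with the sort order the binary search depends on. Where the member is a pointer to a NUL-terminated string, `strcmp` is the correct call; where it is an array, I would add a comment such as `/* names are always shorter than sizeof(name), so the bound never cuts a comparison short */`.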
@@ -284,7 +286,7 @@ // NOTE: This algorithm assumes that the embedded images are sorted. // This is currently done using the make file. If the array is // generated manualy, this *will* fail to work properly. - while((result = strcmp(name, embeddedImages[compareIndex].name)) != 0) + while((result = strncmp(name, embeddedImages[compareIndex].name, sizeof(embeddedImages[compareIndex].name))) != 0) { if (result > 0) { // We need to search a HIGHER index if (compareIndex != lowerLimit) { @@ -930,8 +932,9 @@ config_file_t *config; config = &bootInfo->themeConfig; - if (ParseXMLFile((char *)__theme_plist, &config->dictionary) != 0) { - return 1; + if (ParseXMLFile((char *)__theme_plist, &config->dictionary) != 0) + { + return 1; } #else Index: trunk/i386/boot2/options.c =================================================================== --- trunk/i386/boot2/options.c (revision 2620) +++ trunk/i386/boot2/options.c (revision 2621) @@ -266,12 +266,12 @@ execute_hook("ClearArgs", NULL, NULL, NULL, NULL); } -void addBootArg(const char * argStr) +void addBootArg(const char *argStr) { if ( (gBootArgsPtr + strlen(argStr) + 1) < gBootArgsEnd) { if(gBootArgsPtr != gBootArgs) *gBootArgsPtr++ = ' '; - strcat(gBootArgs, argStr); + strlcat(gBootArgs, argStr, BOOT_STRING_LEN); gBootArgsPtr += strlen(argStr); } }
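Review bot: `strlcat(gBootArgs, argStr, BOOT_STRING_LEN)` in the options.c hunk adds a second bound alongside the `gBootArgsEnd` check. It also rescans `gBootArgs` for its terminator, although `gBootArgsPtr` already marks the write position and the byte there may just have been overwritten with a space. Appending at the cursor keeps a single bound: `strlcpy(gBootArgsPtr, argStr, gBootArgsEnd - gBootArgsPtr);`, assuming `gBootArgsEnd` points at or before the end of the buffer (its definition is not in this hunk). An argument that does not fit is still dropped silently, so a log message in that branch would make a truncated boot-args string easier to diagnose.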