Index: src/wrjpgcom.c
--- src/wrjpgcom.c.orig
+++ src/wrjpgcom.c
@@ -438,7 +438,7 @@ main(int argc, char **argv)
                   (unsigned int)MAX_COM_LENGTH);
           exit(EXIT_FAILURE);
         }
-        strcpy(comment_arg, argv[argn] + 1);
+        strlcpy(comment_arg, argv[argn] + 1, MAX_COM_LENGTH);
         for (;;) {
           comment_length = (unsigned int)strlen(comment_arg);
           if (comment_length > 0 && comment_arg[comment_length - 1] == '"') {
@@ -453,8 +453,8 @@ main(int argc, char **argv)
                     (unsigned int)MAX_COM_LENGTH);
             exit(EXIT_FAILURE);
           }
-          strcat(comment_arg, " ");
-          strcat(comment_arg, argv[argn]);
+          strlcat(comment_arg, " ", MAX_COM_LENGTH);
+          strlcat(comment_arg, argv[argn], MAX_COM_LENGTH);
         }
       } else if (strlen(argv[argn]) >= (size_t)MAX_COM_LENGTH) {
         fprintf(stderr, "Comment text may not exceed %u bytes\n",
