diff --git a/parser.c b/parser.c
index 5813a664..c424412f 100644
--- a/parser.c
+++ b/parser.c
@@ -7009,7 +7009,7 @@ xmlParseReference(xmlParserCtxtPtr ctxt) {
      */
     if (NXT(1) == '#') {
 	int i = 0;
-	xmlChar out[10];
+	xmlChar out[16];
 	int hex = NXT(2);
 	int value = xmlParseCharRef(ctxt);
 
diff --git a/runtest.c b/runtest.c
index addda5ca..80e498c7 100644
--- a/runtest.c
+++ b/runtest.c
@@ -587,8 +587,8 @@ static char *resultFilename(const char *filename, const char *out,
       suffixbuff[0]='_';
 #endif
 
-    snprintf(res, 499, "%s%s%s", out, base, suffixbuff);
-    res[499] = 0;
+    if (snprintf(res, 499, "%s%s%s", out, base, suffixbuff) >= 499)
+        res[499] = 0;
     return(strdup(res));
 }
 
@@ -2501,13 +2501,17 @@ xpathDocTest(const char *filename,
 	return(-1);
     }
 
-    snprintf(pattern, 499, "./test/XPath/tests/%s*", baseFilename(filename));
-    pattern[499] = 0;
+    res = snprintf(pattern, 499, "./test/XPath/tests/%s*",
+            baseFilename(filename));
+    if (res >= 499)
+        pattern[499] = 0;
     globbuf.gl_offs = 0;
     glob(pattern, GLOB_DOOFFS, NULL, &globbuf);
     for (i = 0;i < globbuf.gl_pathc;i++) {
-        snprintf(result, 499, "result/XPath/tests/%s",
+        res = snprintf(result, 499, "result/XPath/tests/%s",
 	         baseFilename(globbuf.gl_pathv[i]));
+        if (res >= 499)
+            result[499] = 0;
 	res = xpathCommonTest(globbuf.gl_pathv[i], &result[0], 0, 0);
 	if (res != 0)
 	    ret = res;
@@ -2549,13 +2553,17 @@ xptrDocTest(const char *filename,
 	return(-1);
     }
 
-    snprintf(pattern, 499, "./test/XPath/xptr/%s*", baseFilename(filename));
-    pattern[499] = 0;
+    res = snprintf(pattern, 499, "./test/XPath/xptr/%s*",
+            baseFilename(filename));
+    if (res >= 499)
+        pattern[499] = 0;
     globbuf.gl_offs = 0;
     glob(pattern, GLOB_DOOFFS, NULL, &globbuf);
     for (i = 0;i < globbuf.gl_pathc;i++) {
-        snprintf(result, 499, "result/XPath/xptr/%s",
+        res = snprintf(result, 499, "result/XPath/xptr/%s",
 	         baseFilename(globbuf.gl_pathv[i]));
+        if (res >= 499)
+            result[499] = 0;
 	res = xpathCommonTest(globbuf.gl_pathv[i], &result[0], 1, 0);
 	if (res != 0)
 	    ret = res;
@@ -3104,8 +3112,8 @@ schemasTest(const char *filename,
     memcpy(prefix, base, len);
     prefix[len] = 0;
 
-    snprintf(pattern, 499, "./test/schemas/%s_?.xml", prefix);
-    pattern[499] = 0;
+    if (snprintf(pattern, 499, "./test/schemas/%s_?.xml", prefix) >= 499)
+        pattern[499] = 0;
 
     if (base[len] == '_') {
         len += 2;
@@ -3123,12 +3131,14 @@ schemasTest(const char *filename,
 	len = strlen(base2);
 	if ((len > 6) && (base2[len - 6] == '_')) {
 	    count = base2[len - 5];
-	    snprintf(result, 499, "result/schemas/%s_%c",
+	    ret = snprintf(result, 499, "result/schemas/%s_%c",
 		     prefix, count);
-	    result[499] = 0;
-	    snprintf(err, 499, "result/schemas/%s_%c.err",
+            if (ret >= 499)
+	        result[499] = 0;
+	    ret = snprintf(err, 499, "result/schemas/%s_%c.err",
 		     prefix, count);
-	    err[499] = 0;
+            if (ret >= 499)
+	        err[499] = 0;
 	} else {
 	    fprintf(stderr, "don't know how to process %s\n", instance);
 	    continue;
@@ -3275,8 +3285,8 @@ rngTest(const char *filename,
     memcpy(prefix, base, len);
     prefix[len] = 0;
 
-    snprintf(pattern, 499, "./test/relaxng/%s_?.xml", prefix);
-    pattern[499] = 0;
+    if (snprintf(pattern, 499, "./test/relaxng/%s_?.xml", prefix) >= 499)
+        pattern[499] = 0;
 
     globbuf.gl_offs = 0;
     glob(pattern, GLOB_DOOFFS, NULL, &globbuf);
@@ -3288,12 +3298,14 @@ rngTest(const char *filename,
 	len = strlen(base2);
 	if ((len > 6) && (base2[len - 6] == '_')) {
 	    count = base2[len - 5];
-	    snprintf(result, 499, "result/relaxng/%s_%c",
+	    res = snprintf(result, 499, "result/relaxng/%s_%c",
 		     prefix, count);
-	    result[499] = 0;
-	    snprintf(err, 499, "result/relaxng/%s_%c.err",
+            if (res >= 499)
+	        result[499] = 0;
+	    res = snprintf(err, 499, "result/relaxng/%s_%c.err",
 		     prefix, count);
-	    err[499] = 0;
+            if (res >= 499)
+	        err[499] = 0;
 	} else {
 	    fprintf(stderr, "don't know how to process %s\n", instance);
 	    continue;
@@ -3301,7 +3313,7 @@ rngTest(const char *filename,
 	if (schemas == NULL) {
 	} else {
 	    nb_tests++;
-	    ret = rngOneTest(filename, instance, result, err,
+	    res = rngOneTest(filename, instance, result, err,
 	                         options, schemas);
 	    if (res != 0)
 		ret = res;
@@ -3364,8 +3376,8 @@ rngStreamTest(const char *filename,
         (!strcmp(prefix, "tutor8_2")))
 	disable_err = 1;
 
-    snprintf(pattern, 499, "./test/relaxng/%s_?.xml", prefix);
-    pattern[499] = 0;
+    if (snprintf(pattern, 499, "./test/relaxng/%s_?.xml", prefix) >= 499)
+        pattern[499] = 0;
 
     globbuf.gl_offs = 0;
     glob(pattern, GLOB_DOOFFS, NULL, &globbuf);
@@ -3377,12 +3389,14 @@ rngStreamTest(const char *filename,
 	len = strlen(base2);
 	if ((len > 6) && (base2[len - 6] == '_')) {
 	    count = base2[len - 5];
-	    snprintf(result, 499, "result/relaxng/%s_%c",
+	    ret = snprintf(result, 499, "result/relaxng/%s_%c",
 		     prefix, count);
-	    result[499] = 0;
-	    snprintf(err, 499, "result/relaxng/%s_%c.err",
+            if (ret >= 499)
+	        result[499] = 0;
+	    ret = snprintf(err, 499, "result/relaxng/%s_%c.err",
 		     prefix, count);
-	    err[499] = 0;
+            if (ret >= 499)
+	        err[499] = 0;
 	} else {
 	    fprintf(stderr, "don't know how to process %s\n", instance);
 	    continue;
@@ -3507,8 +3521,8 @@ patternTest(const char *filename,
     len -= 4;
     memcpy(xml, filename, len);
     xml[len] = 0;
-    snprintf(result, 499, "result/pattern/%s", baseFilename(xml));
-    result[499] = 0;
+    if (snprintf(result, 499, "result/pattern/%s", baseFilename(xml)) >= 499)
+        result[499] = 0;
     memcpy(xml + len, ".xml", 5);
 
     if (!checkTestFile(xml) && !update_results) {
@@ -3885,17 +3899,20 @@ c14nCommonTest(const char *filename, int with_comments, int mode,
     memcpy(prefix, base, len);
     prefix[len] = 0;
 
-    snprintf(buf, 499, "result/c14n/%s/%s", subdir,prefix);
+    if (snprintf(buf, 499, "result/c14n/%s/%s", subdir, prefix) >= 499)
+        buf[499] = 0;
     if (!checkTestFile(buf) && !update_results) {
         fprintf(stderr, "Missing result file %s", buf);
 	return(-1);
     }
     result = strdup(buf);
-    snprintf(buf, 499, "test/c14n/%s/%s.xpath", subdir,prefix);
+    if (snprintf(buf, 499, "test/c14n/%s/%s.xpath", subdir, prefix) >= 499)
+        buf[499] = 0;
     if (checkTestFile(buf)) {
 	xpath = strdup(buf);
     }
-    snprintf(buf, 499, "test/c14n/%s/%s.ns", subdir,prefix);
+    if (snprintf(buf, 499, "test/c14n/%s/%s.ns", subdir, prefix) >= 499)
+        buf[499] = 0;
     if (checkTestFile(buf)) {
 	ns = strdup(buf);
     }
diff --git a/testrecurse.c b/testrecurse.c
index f95ae1c3..64b9cd0b 100644
--- a/testrecurse.c
+++ b/testrecurse.c
@@ -632,8 +632,8 @@ static char *resultFilename(const char *filename, const char *out,
       suffixbuff[0]='_';
 #endif
 
-    snprintf(res, 499, "%s%s%s", out, base, suffixbuff);
-    res[499] = 0;
+    if (snprintf(res, 499, "%s%s%s", out, base, suffixbuff) >= 499)
+        res[499] = 0;
     return(strdup(res));
 }