diff --git a/NEWS b/NEWS
index 513e673e..c25a9bc5 100644
--- a/NEWS
+++ b/NEWS
@@ -5,6 +5,7 @@ top: terabytes -- thanks Tony Ernst
 ps: SCHED_BATCH is B
 ps: fix s format (signals) output with thread display
 watch: avoid integer overflow for the time delay
+pwdx: buffer overflow fixed -- thanks Ulf Harnhammar
 
 procps-3.2.5 --> procps-3.2.6
 
diff --git a/pwdx.c b/pwdx.c
index c1af1478..cb96a521 100644
--- a/pwdx.c
+++ b/pwdx.c
@@ -35,7 +35,7 @@ static void version(void)
 
 int main(int argc, char* argv[])
 {
-     char buf[PATH_MAX];
+     char buf[PATH_MAX+1];
      regex_t re;
      int i;
 
@@ -76,9 +76,9 @@ int main(int argc, char* argv[])
           // or nnnn, so a simple check based on the first char is
           // possible
           if (argv[i][0] != '/')
-               sprintf(buf, "/proc/%s/cwd", argv[i]);
+               snprintf(buf, sizeof buf, "/proc/%s/cwd", argv[i]);
           else
-               sprintf(buf, "%s/cwd", argv[i]);
+               snprintf(buf, sizeof buf, "%s/cwd", argv[i]);
 
           // buf contains /proc/nnnn/cwd symlink name on entry, the
           // target of that symlink on return