diff --git a/addons/Makefile b/addons/Makefile
index 47da132470f5055835b306c99e30b95e8231e7ad..866d34b1a5029df9ccb6a635914600adbd940673 100644
--- a/addons/Makefile
+++ b/addons/Makefile
@@ -59,6 +59,7 @@ endif
 
 include $(ASTTOPDIR)/Makefile.moddir_rules
 
+chan_mobile.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 chan_ooh323.so: _ASTCFLAGS+=$(H323CFLAGS)
 $(call MOD_ADD_C,chan_ooh323,$(H323SOURCE))
 
diff --git a/apps/Makefile b/apps/Makefile
index a53bbe2b8bcb7e44b164ab630ce35f4a7cea3bcb..589293c1e6bc7a0c462351edf04cbea16a6c75f4 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -29,7 +29,11 @@ include $(ASTTOPDIR)/Makefile.moddir_rules
 
 $(call MOD_ADD_C,app_confbridge,$(wildcard confbridge/*.c))
 
+app_confbridge.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_meetme.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_minivm.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 app_voicemail.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_while.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 
 ifneq ($(findstring $(OSARCH), mingw32 cygwin ),)
   LIBS+= -lres_ael_share.so -lres_monitor.so -lres_speech.so
diff --git a/apps/app_minivm.c b/apps/app_minivm.c
index c09fba173af37970b019414bf0b98f3d6476b851..211acc1db5d0a3c020305d88d8cca98ac5e1eaec 100644
--- a/apps/app_minivm.c
+++ b/apps/app_minivm.c
@@ -2786,11 +2786,11 @@ static char *message_template_parse_emailbody(const char *configuration)
 	       switch (tmpwrite[1]) {
 	       case 'n':
 		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
-		      strncpy(tmpwrite, "\n", len);
+		      tmpwrite[0] = '\n';
 		      break;
 	       case 't':
 		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
-		      strncpy(tmpwrite, "\t", len);
+		      tmpwrite[0] = '\t';
 		      break;
 	       default:
 		      ast_log(LOG_NOTICE, "Substitution routine does not support this character: %c\n", tmpwrite[1]);
diff --git a/apps/app_queue.c b/apps/app_queue.c
index 1d7b0366e8de00b8e5b0d07ecf74de8558252a0f..c2962db2bfd9712d16092f5ebfca60c03d7c8de0 100644
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -6540,7 +6540,7 @@ static void escape_and_substitute(struct ast_channel *chan, const char *input,
 static void setup_mixmonitor(struct queue_ent *qe, const char *filename)
 {
 	char escaped_filename[256];
-	char file_with_ext[256];
+	char file_with_ext[sizeof(escaped_filename) + sizeof(qe->parent->monfmt)];
 	char mixmonargs[1512];
 	char escaped_monitor_exec[1024];
 	const char *monitor_options;
diff --git a/apps/app_sms.c b/apps/app_sms.c
index c50a68627b90f0acd50616efd97fe900c0981aad..0e379716dce15c2dbd90d9c049f38b9df509dc18 100644
--- a/apps/app_sms.c
+++ b/apps/app_sms.c
@@ -1214,7 +1214,7 @@ static void sms_compose2(sms_t *h, int more)
 {
 	struct ast_tm tm;
 	struct timeval now = h->scts;
-	char stm[9];
+	char stm[45];
 
 	h->omsg[0] = 0x00;                      /* set later... */
 	h->omsg[1] = 0;
diff --git a/apps/app_test.c b/apps/app_test.c
index 7981dbd9a0f48cb61f214dd25b050f466528f1c5..96772702a0b405845d1dfba9c612f203dacdd1c9 100644
--- a/apps/app_test.c
+++ b/apps/app_test.c
@@ -330,7 +330,6 @@ static int testserver_exec(struct ast_channel *chan, const char *data)
 {
 	int res = 0;
 	char testid[80]="";
-	char fn[80];
 	FILE *f;
 	if (ast_channel_state(chan) != AST_STATE_UP)
 		res = ast_answer(chan);
@@ -357,6 +356,8 @@ static int testserver_exec(struct ast_channel *chan, const char *data)
 	if (strchr(testid, '/'))
 		res = -1;
 	if ((res >=0) && (!ast_strlen_zero(testid))) {
+		char fn[PATH_MAX];
+
 		/* Got a Test ID!  Whoo hoo! */
 		/* Make the directory to hold the test results in case it's not there */
 		snprintf(fn, sizeof(fn), "%s/testresults", ast_config_AST_LOG_DIR);
diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index ce6a54d35d3e7324e7d7d155e63de3aea720f629..8d22cec021e2a4dd8af7015a6f184080b099bd00 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -1008,7 +1008,7 @@ struct mwi_sub {
 	int old_new;
 	int old_old;
 	char *uniqueid;
-	char mailbox[1];
+	char mailbox[0];
 };
 
 struct mwi_sub_task {
@@ -13103,7 +13103,7 @@ static int handle_subscribe(void *datap)
 	struct mwi_sub *mwi_sub;
 	struct mwi_sub_task *p = datap;
 
-	len = sizeof(*mwi_sub);
+	len = sizeof(*mwi_sub) + 1;
 	if (!ast_strlen_zero(p->mailbox))
 		len += strlen(p->mailbox);
 
diff --git a/channels/Makefile b/channels/Makefile
index 9f6f9d6aab87ac8ba7341be68f612975006cb1be..6398d9599a3fa886492dd86784d3be3e4385988e 100644
--- a/channels/Makefile
+++ b/channels/Makefile
@@ -30,6 +30,9 @@ $(call MOD_ADD_C,chan_dahdi,$(wildcard dahdi/*.c) sig_analog.c sig_pri.c sig_ss7
 $(call MOD_ADD_C,chan_misdn,misdn_config.c misdn/isdn_lib.c misdn/isdn_msg_parser.c)
 
 chan_mgcp.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_unistim.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_phone.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_sip.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 
 chan_misdn.o: _ASTCFLAGS+=-Imisdn
 misdn_config.o: _ASTCFLAGS+=-Imisdn
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index c149763bc94cc63c431b344b4f60799fa5a74b64..36f5deb9b89d4e9e2295709a2e941ceb226ee531 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -1787,7 +1787,7 @@ static void publish_dahdichannel(struct ast_channel *chan, int span, const char
  */
 static void dahdi_ami_channel_event(struct dahdi_pvt *p, struct ast_channel *chan)
 {
-	char ch_name[20];
+	char ch_name[23];
 
 	if (p->channel < CHAN_PSEUDO) {
 		/* No B channel */
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 6c342a8beac1c2aa45fa9848b5a1740b5e99e9ad..28282dccd53790c36ca9654c1d4493149891aab0 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -14303,7 +14303,7 @@ static int iax2_matchmore(struct ast_channel *chan, const char *context, const c
 static int iax2_exec(struct ast_channel *chan, const char *context, const char *exten, int priority, const char *callerid, const char *data)
 {
 	char odata[256];
-	char req[256];
+	char req[sizeof(odata) + AST_MAX_CONTEXT + AST_MAX_EXTENSION + sizeof("IAX2//@")];
 	char *ncontext;
 	struct iax2_dpcache *dp = NULL;
 	struct ast_app *dial = NULL;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index bfdc5d07f15105df2010421bd16b8ed4228d5c08..ad064220b74e19e2b872f8e2173b5d3e04b46950 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -35038,21 +35038,22 @@ AST_TEST_DEFINE(test_tcp_message_fragmentation)
 	struct ast_str *overflow;
 	struct {
 		char **fragments;
+		size_t fragment_count;
 		char **expected;
 		int num_expected;
 		const char *description;
 	} tests[] = {
-		{ normal, normal, 1, "normal" },
-		{ fragmented, normal, 1, "fragmented" },
-		{ fragmented_body, normal, 1, "fragmented_body" },
-		{ multi_fragment, normal, 1, "multi_fragment" },
-		{ multi_message, multi_message_divided, 2, "multi_message" },
-		{ multi_message_body, multi_message_body_divided, 2, "multi_message_body" },
-		{ multi_message_in_fragments, multi_message_divided, 2, "multi_message_in_fragments" },
-		{ compact, compact, 1, "compact" },
-		{ faux, faux, 1, "faux" },
-		{ folded, folded, 1, "folded" },
-		{ cl_in_body, cl_in_body, 1, "cl_in_body" },
+		{ normal, ARRAY_LEN(normal), normal, 1, "normal" },
+		{ fragmented, ARRAY_LEN(fragmented), normal, 1, "fragmented" },
+		{ fragmented_body, ARRAY_LEN(fragmented_body), normal, 1, "fragmented_body" },
+		{ multi_fragment, ARRAY_LEN(multi_fragment), normal, 1, "multi_fragment" },
+		{ multi_message, ARRAY_LEN(multi_message), multi_message_divided, 2, "multi_message" },
+		{ multi_message_body, ARRAY_LEN(multi_message_body), multi_message_body_divided, 2, "multi_message_body" },
+		{ multi_message_in_fragments, ARRAY_LEN(multi_message_in_fragments), multi_message_divided, 2, "multi_message_in_fragments" },
+		{ compact, ARRAY_LEN(compact), compact, 1, "compact" },
+		{ faux, ARRAY_LEN(faux), faux, 1, "faux" },
+		{ folded, ARRAY_LEN(folded), folded, 1, "folded" },
+		{ cl_in_body, ARRAY_LEN(cl_in_body), cl_in_body, 1, "cl_in_body" },
 	};
 	int i;
 	enum ast_test_result_state res = AST_TEST_PASS;
@@ -35080,7 +35081,7 @@ AST_TEST_DEFINE(test_tcp_message_fragmentation)
 	}
 	for (i = 0; i < ARRAY_LEN(tests); ++i) {
 		int num_messages = 0;
-		if (mock_tcp_loop(tests[i].fragments, ARRAY_LEN(tests[i].fragments),
+		if (mock_tcp_loop(tests[i].fragments, tests[i].fragment_count,
 					&overflow, tests[i].expected, &num_messages, test)) {
 			ast_test_status_update(test, "Failed to parse message '%s'\n", tests[i].description);
 			res = AST_TEST_FAIL;
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 0093a1fcb216fa195260a9d015bac47cb3901e2a..2b13e5eaaab9459950b7eee391e9363c361046e7 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -3706,49 +3706,49 @@ static char *skinny_debugs(void)
 	int posn = 0;
 
 	ptr = dbgcli_buf;
-	strncpy(ptr, "\0", 1);
+	ptr[0] = '\0';
 	if (skinnydebug & DEBUG_GENERAL) {
-		strncpy(ptr, "general ", 8);
+		strcpy(ptr, "general "); /* SAFE */
 		posn += 8;
 		ptr += 8;
 	}
 	if (skinnydebug & DEBUG_SUB) {
-		strncpy(ptr, "sub ", 4);
+		strcpy(ptr, "sub "); /* SAFE */
 		posn += 4;
 		ptr += 4;
 	}
 	if (skinnydebug & DEBUG_AUDIO) {
-		strncpy(ptr, "audio ", 6);
+		strcpy(ptr, "audio "); /* SAFE */
 		posn += 6;
 		ptr += 6;
 	}
 	if (skinnydebug & DEBUG_PACKET) {
-		strncpy(ptr, "packet ", 7);
+		strcpy(ptr, "packet "); /* SAFE */
 		posn += 7;
 		ptr += 7;
 	}
 	if (skinnydebug & DEBUG_LOCK) {
-		strncpy(ptr, "lock ", 5);
+		strcpy(ptr, "lock "); /* SAFE */
 		posn += 5;
 		ptr += 5;
 	}
 	if (skinnydebug & DEBUG_TEMPLATE) {
-		strncpy(ptr, "template ", 9);
+		strcpy(ptr, "template "); /* SAFE */
 		posn += 9;
 		ptr += 9;
 	}
 	if (skinnydebug & DEBUG_THREAD) {
-		strncpy(ptr, "thread ", 7);
+		strcpy(ptr, "thread "); /* SAFE */
 		posn += 7;
 		ptr += 7;
 	}
 	if (skinnydebug & DEBUG_HINT) {
-		strncpy(ptr, "hint ", 5);
+		strcpy(ptr, "hint "); /* SAFE */
 		posn += 5;
 		ptr += 5;
 	}
 	if (skinnydebug & DEBUG_KEEPALIVE) {
-		strncpy(ptr, "keepalive ", 10);
+		strcpy(ptr, "keepalive "); /* SAFE */
 		posn += 10;
 		ptr += 10;
 	}
@@ -6427,7 +6427,6 @@ static int handle_stimulus_message(struct skinny_req *req, struct skinnysession
 	case STIMULUS_CALLPARK:
 		{
 		char extout[AST_MAX_EXTENSION];
-		char message[32];
 		RAII_VAR(struct ast_bridge_channel *, bridge_channel, NULL, ao2_cleanup);
 		SKINNY_DEBUG(DEBUG_PACKET, 3, "Received STIMULUS_CALLPARK from %s, inst %d, callref %d\n",
 			d->name, instance, callreference);
@@ -6449,7 +6448,10 @@ static int handle_stimulus_message(struct skinny_req *req, struct skinnysession
 			}
 
 			if (!ast_parking_park_call(bridge_channel, extout, sizeof(extout))) {
-				snprintf(message, sizeof(message), "Call Parked at: %s", extout);
+				static const char msg_prefix[] = "Call Parked at: ";
+				char message[sizeof(msg_prefix) + sizeof(extout)];
+
+				snprintf(message, sizeof(message), "%s%s", msg_prefix, extout);
 				transmit_displaynotify(d, message, 10);
 				break;
 			}
@@ -7180,7 +7182,6 @@ static int handle_soft_key_event_message(struct skinny_req *req, struct skinnyse
 	case SOFTKEY_PARK:
 		{
 		char extout[AST_MAX_EXTENSION];
-		char message[32];
 		RAII_VAR(struct ast_bridge_channel *, bridge_channel, NULL, ao2_cleanup);
 		SKINNY_DEBUG(DEBUG_PACKET, 3, "Received SOFTKEY_PARK from %s, inst %d, callref %d\n",
 			d->name, instance, callreference);
@@ -7202,7 +7203,10 @@ static int handle_soft_key_event_message(struct skinny_req *req, struct skinnyse
 			}
 
 			if (!ast_parking_park_call(bridge_channel, extout, sizeof(extout))) {
-				snprintf(message, sizeof(message), "Call Parked at: %s", extout);
+				static const char msg_prefix[] = "Call Parked at: ";
+				char message[sizeof(msg_prefix) + sizeof(extout)];
+
+				snprintf(message, sizeof(message), "%s%s", msg_prefix, extout);
 				transmit_displaynotify(d, message, 10);
 				break;
 			}
diff --git a/channels/iax2/parser.c b/channels/iax2/parser.c
index 8880b9280ec09a3c1c193d89431ad60ab8bc6fd8..b94d306d586333fb4d252c9bf6d0cea323dbed4b 100644
--- a/channels/iax2/parser.c
+++ b/channels/iax2/parser.c
@@ -415,7 +415,7 @@ static void dump_ies(unsigned char *iedata, int len)
 	int x;
 	int found;
 	char interp[1024];
-	char tmp[1024];
+	char tmp[1046];
 
 	if (len < 2)
 		return;
diff --git a/configure b/configure
index 1ec61d22020f6d567b78ecbcbb63d338ad62487a..ac078ced7252f335243168726569ae3e94244f41 100755
--- a/configure
+++ b/configure
@@ -686,6 +686,7 @@ BIND8_CFLAGS
 AST_RPATH
 AST_NATIVE_ARCH
 AST_SHADOW_WARNINGS
+AST_NO_STRINGOP_TRUNCATION
 AST_NO_FORMAT_TRUNCATION
 AST_NO_STRICT_OVERFLOW
 AST_FORTIFY_SOURCE
@@ -18868,6 +18869,19 @@ $as_echo "no" >&6; }
 fi
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wno-stringop-truncation" >&5
+$as_echo_n "checking for -Wno-stringop-truncation... " >&6; }
+if $(${CC} -Wno-stringop-truncation -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	AST_NO_STRINGOP_TRUNCATION=-Wno-stringop-truncation
+else
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	AST_NO_STRINGOP_TRUNCATION=
+fi
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wshadow" >&5
 $as_echo_n "checking for -Wshadow... " >&6; }
 if $(${CC} -Wshadow -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
diff --git a/configure.ac b/configure.ac
index 1d8a834894bfd8c37d26175e717fa4e3feff43f1..f1c7ca8251703a3935e6b7535874578db5f0d705 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1309,6 +1309,16 @@ else
 fi
 AC_SUBST(AST_NO_FORMAT_TRUNCATION)
 
+AC_MSG_CHECKING(for -Wno-stringop-truncation)
+if $(${CC} -Wno-stringop-truncation -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
+	AC_MSG_RESULT(yes)
+	AST_NO_STRINGOP_TRUNCATION=-Wno-stringop-truncation
+else
+	AC_MSG_RESULT(no)
+	AST_NO_STRINGOP_TRUNCATION=
+fi
+AC_SUBST(AST_NO_STRINGOP_TRUNCATION)
+
 AC_MSG_CHECKING(for -Wshadow)
 if $(${CC} -Wshadow -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
 	AC_MSG_RESULT(yes)
diff --git a/funcs/Makefile b/funcs/Makefile
index 3f65070e33998e930d24b41e688fa1c70c1680bc..40df635d8836d05bb145e4c39da38970a323e984 100644
--- a/funcs/Makefile
+++ b/funcs/Makefile
@@ -25,3 +25,5 @@ include $(ASTTOPDIR)/Makefile.moddir_rules
 # warning must be disabled; for safety reasons, SPRINTF() is kept in
 # a separate module so that as little code as possible is left unchecked
 func_sprintf.o: _ASTCFLAGS+=-Wno-format-nonliteral
+
+func_groupcount.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
diff --git a/main/config.c b/main/config.c
index 2a16a34794d0af78bec19e1671c97da078b3b674..978e124eda4d6b204932710422e6b47ff707f2b7 100644
--- a/main/config.c
+++ b/main/config.c
@@ -1736,7 +1736,7 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 	char *c;
 	char *cur = buf;
 	struct ast_variable *v;
-	char cmd[512], exec_file[512];
+	char exec_file[512];
 
 	/* Actually parse the entry */
 	if (cur[0] == '[') { /* A category header */
@@ -1909,10 +1909,16 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 		   We create a tmp file, then we #include it, then we delete it. */
 		if (!do_include) {
 			struct timeval now = ast_tvnow();
+			char cmd[1024];
+
 			if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
 				config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked);
 			snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)now.tv_sec, (int)now.tv_usec, (long)pthread_self());
-			snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
+			if (snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file) >= sizeof(cmd)) {
+				ast_log(LOG_ERROR, "Failed to construct command string to execute %s.\n", cur);
+
+				return -1;
+			}
 			ast_safe_system(cmd);
 			cur = exec_file;
 		} else {
diff --git a/main/manager.c b/main/manager.c
index 0edc002284654adbb88575357823e756ae49ab26..ff5588e59f62831d984f34b0a104d2bf6589eed0 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -7998,7 +7998,8 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
 	/* compute the expected response to compare with what we received */
 	{
 		char *a2;
-		char a2_hash[256];
+		/* ast_md5_hash outputs 32 characters plus NULL terminator. */
+		char a2_hash[33];
 		char resp[256];
 
 		/* XXX Now request method are hardcoded in A2 */
diff --git a/main/pbx.c b/main/pbx.c
index 70e72fe432d463bf5e7a8efc68238ea20242d0f8..727018b4e7a71b04c76961245305c747933032ee 100644
--- a/main/pbx.c
+++ b/main/pbx.c
@@ -6235,7 +6235,7 @@ struct store_hint {
 	char *last_presence_message;
 
 	AST_LIST_ENTRY(store_hint) list;
-	char data[1];
+	char data[0];
 };
 
 AST_LIST_HEAD_NOLOCK(store_hints, store_hint);
diff --git a/makeopts.in b/makeopts.in
index 9caf322869ccf82ec915f70feaed95f755496038..44c281043ea77bacea58fccf11937aff357991c5 100644
--- a/makeopts.in
+++ b/makeopts.in
@@ -119,6 +119,7 @@ AST_DECLARATION_AFTER_STATEMENT=@AST_DECLARATION_AFTER_STATEMENT@
 AST_TRAMPOLINES=@AST_TRAMPOLINES@
 AST_NO_STRICT_OVERFLOW=@AST_NO_STRICT_OVERFLOW@
 AST_NO_FORMAT_TRUNCATION=@AST_NO_FORMAT_TRUNCATION@
+AST_NO_STRINGOP_TRUNCATION=@AST_NO_STRINGOP_TRUNCATION@
 AST_SHADOW_WARNINGS=@AST_SHADOW_WARNINGS@
 AST_NESTED_FUNCTIONS=@AST_NESTED_FUNCTIONS@
 AST_CLANG_BLOCKS=@AST_CLANG_BLOCKS@
diff --git a/pbx/dundi-parser.c b/pbx/dundi-parser.c
index 856f4ae0136e5d8f8032aec80c222db8bf488a38..808559c592584c4a7b6d546b40ea47b785fd710c 100644
--- a/pbx/dundi-parser.c
+++ b/pbx/dundi-parser.c
@@ -386,7 +386,7 @@ static void dump_ies(unsigned char *iedata, int spaces, int len)
 	int x;
 	int found;
 	char interp[1024];
-	char tmp[1024];
+	char tmp[1051];
 	if (len < 2)
 		return;
 	while(len >= 2) {
diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c
index e0aeb4903c0ca360045d58f3cefc2f8f8efc1ffe..d80f66029923e1e7497144e943225524c94a1a6d 100644
--- a/pbx/pbx_dundi.c
+++ b/pbx/pbx_dundi.c
@@ -1237,7 +1237,6 @@ static int cache_lookup_internal(time_t now, struct dundi_request *req, char *ke
 
 static int cache_lookup(struct dundi_request *req, dundi_eid *peer_eid, uint32_t crc, int *lowexpiration)
 {
-	char key[256];
 	char eid_str[20];
 	char eidroot_str[20];
 	time_t now;
@@ -1245,6 +1244,8 @@ static int cache_lookup(struct dundi_request *req, dundi_eid *peer_eid, uint32_t
 	int res2=0;
 	char eid_str_full[20];
 	char tmp[256]="";
+	/* Enough space for largest value that can be stored in key. */
+	char key[sizeof(eid_str) + sizeof(tmp) + sizeof(req->dcontext) + sizeof(eidroot_str) + sizeof("hint////r")];
 	int x;
 
 	time(&now);
diff --git a/res/Makefile b/res/Makefile
index ec3417b35be8cd211a4e19d36089ce7c5cebffca..5ff38ad1b5d98f1063cac6b0347621e4e147bcbc 100644
--- a/res/Makefile
+++ b/res/Makefile
@@ -29,7 +29,7 @@ endif
 res_config_ldap.o: _ASTCFLAGS+=-DLDAP_DEPRECATED
 
 ael/ael_lex.o: ael/ael_lex.c ../include/asterisk/ael_structs.h ael/ael.tab.h
-ael/ael_lex.o: _ASTCFLAGS+=-I. -Iael -Wno-unused
+ael/ael_lex.o: _ASTCFLAGS+=-I. -Iael -Wno-unused $(AST_NO_FORMAT_TRUNCATION)
 
 ael/ael.tab.o: ael/ael.tab.c ael/ael.tab.h ../include/asterisk/ael_structs.h
 ael/ael.tab.o: _ASTCFLAGS+=-I. -Iael -DYYENABLE_NLS=0
@@ -70,5 +70,7 @@ $(call MOD_ADD_C,res_ari,ari/cli.c ari/config.c ari/ari_websockets.c)
 $(call MOD_ADD_C,res_ari_model,ari/ari_model_validators.c)
 $(call MOD_ADD_C,res_stasis_recording,stasis_recording/stored.c)
 
+res_parking.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+
 # Dependencies for res_ari_*.so are generated, so they're in this file
 include ari.make
diff --git a/res/res_config_ldap.c b/res/res_config_ldap.c
index 15d9ec018bff9d2938e7baff8f24a229f979aa75..2e862b7a69bbcd11cd26ede04b678aca01ba7c2f 100644
--- a/res/res_config_ldap.c
+++ b/res/res_config_ldap.c
@@ -1959,9 +1959,7 @@ static int ldap_reconnect(void)
  */
 static char *realtime_ldap_status(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 {
-	char status[256];
-	char credentials[100] = "";
-	char buf[362]; /* 256+100+" for "+NULL */
+	struct ast_str *buf;
 	int ctimesec = time(NULL) - connect_time;
 
 	switch (cmd) {
@@ -1978,14 +1976,18 @@ static char *realtime_ldap_status(struct ast_cli_entry *e, int cmd, struct ast_c
 	if (!ldapConn)
 		return CLI_FAILURE;
 
-	if (!ast_strlen_zero(url))
-		snprintf(status, sizeof(status), "Connected to '%s', baseDN %s", url, base_distinguished_name);
+	buf = ast_str_create(512);
+	if (!ast_strlen_zero(url)) {
+		ast_str_append(&buf, 0, "Connected to '%s', baseDN %s", url, base_distinguished_name);
+	}
 
-	if (!ast_strlen_zero(user))
-		snprintf(credentials, sizeof(credentials), " with username %s", user);
+	if (!ast_strlen_zero(user)) {
+		ast_str_append(&buf, 0, " with username %s", user);
+	}
 
-	snprintf(buf, sizeof(buf), "%s%s for ", status, credentials);
-	ast_cli_print_timestr_fromseconds(a->fd, ctimesec, buf);
+	ast_str_append(&buf, 0, " for ");
+	ast_cli_print_timestr_fromseconds(a->fd, ctimesec, ast_str_buffer(buf));
+	ast_free(buf);
 
 	return CLI_SUCCESS;
 }
diff --git a/res/res_musiconhold.c b/res/res_musiconhold.c
index 1c8728cf70484262ee0a8a0dd58c6c2665b7416e..137f83bac79bfa91c5e26c3379e4d8eb47d51b00 100644
--- a/res/res_musiconhold.c
+++ b/res/res_musiconhold.c
@@ -1142,7 +1142,7 @@ static int moh_scan_files(struct mohclass *class) {
 
 	DIR *files_DIR;
 	struct dirent *files_dirent;
-	char dir_path[PATH_MAX];
+	char dir_path[PATH_MAX - sizeof(class->dir)];
 	char filepath[PATH_MAX];
 	char *ext;
 	struct stat statbuf;
diff --git a/res/res_pjsip/pjsip_resolver.c b/res/res_pjsip/pjsip_resolver.c
index d6646d50323474bf51bac137fe59535cfd96d42f..5fd446468bc9847ef21a4b922402787ff250cea0 100644
--- a/res/res_pjsip/pjsip_resolver.c
+++ b/res/res_pjsip/pjsip_resolver.c
@@ -566,23 +566,26 @@ static void sip_resolve(pjsip_resolver_t *resolver, pj_pool_t *pool, const pjsip
 		if (type == PJSIP_TRANSPORT_UNSPECIFIED ||
 			(type == PJSIP_TRANSPORT_TLS && sip_transport_is_available(PJSIP_TRANSPORT_TLS)) ||
 			(type == PJSIP_TRANSPORT_TLS6 && sip_transport_is_available(PJSIP_TRANSPORT_TLS6))) {
-			snprintf(srv, sizeof(srv), "_sips._tcp.%s", host);
-			res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
-				type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_TLS : type, 0);
+			if (snprintf(srv, sizeof(srv), "_sips._tcp.%s", host) < NI_MAXHOST) {
+				res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
+					type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_TLS : type, 0);
+			}
 		}
 		if (type == PJSIP_TRANSPORT_UNSPECIFIED ||
 			(type == PJSIP_TRANSPORT_TCP && sip_transport_is_available(PJSIP_TRANSPORT_TCP)) ||
 			(type == PJSIP_TRANSPORT_TCP6 && sip_transport_is_available(PJSIP_TRANSPORT_TCP6))) {
-			snprintf(srv, sizeof(srv), "_sip._tcp.%s", host);
-			res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
-				type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_TCP : type, 0);
+			if (snprintf(srv, sizeof(srv), "_sip._tcp.%s", host) < NI_MAXHOST) {
+				res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
+					type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_TCP : type, 0);
+			}
 		}
 		if (type == PJSIP_TRANSPORT_UNSPECIFIED ||
 			(type == PJSIP_TRANSPORT_UDP && sip_transport_is_available(PJSIP_TRANSPORT_UDP)) ||
 			(type == PJSIP_TRANSPORT_UDP6 && sip_transport_is_available(PJSIP_TRANSPORT_UDP6))) {
-			snprintf(srv, sizeof(srv), "_sip._udp.%s", host);
-			res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
-				type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_UDP : type, 0);
+			if (snprintf(srv, sizeof(srv), "_sip._udp.%s", host) < NI_MAXHOST) {
+				res |= sip_resolve_add(resolve, srv, T_SRV, C_IN,
+					type == PJSIP_TRANSPORT_UNSPECIFIED ? PJSIP_TRANSPORT_UDP : type, 0);
+			}
 		}
 	}
 
diff --git a/tests/Makefile b/tests/Makefile
index a65b88bac33cd221eaf96388bdf7814c9432f5ef..f64669bcdc898ee438dfe9cf4dbafeeea35df466 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -18,3 +18,6 @@ MENUSELECT_DESCRIPTION=Test Modules
 all: _all
 
 include $(ASTTOPDIR)/Makefile.moddir_rules
+
+test_strings.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION) $(AST_NO_STRINGOP_TRUNCATION)
+test_voicemail_api.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
diff --git a/utils/Makefile b/utils/Makefile
index 1af90a43174d17fbc511c55e4f359c79a85b265f..9e7b08bde3477d3ebfe8fde748414a67e6fb8a37 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -160,7 +160,7 @@ aelparse.c: $(ASTTOPDIR)/res/ael/ael_lex.c
 	$(CMD_PREFIX) sed 's/ast_debug([[:digit:]][[:digit:]]*/ast_log(LOG_DEBUG/' "$@" > "$@.new"
 	$(CMD_PREFIX) mv "$@.new" "$@"
 
-aelparse.o: _ASTCFLAGS+=-I$(ASTTOPDIR)/res -Wno-unused
+aelparse.o: _ASTCFLAGS+=-I$(ASTTOPDIR)/res -Wno-unused $(AST_NO_FORMAT_TRUNCATION)
 aelparse: LIBS+=-lm $(AST_CLANG_BLOCKS_LIBS)
 aelparse: aelparse.o aelbison.o pbx_ael.o hashtab.o lock.o ael_main.o ast_expr2f.o ast_expr2.o strcompat.o pval.o extconf.o
 
diff --git a/utils/ael_main.c b/utils/ael_main.c
index f22e9a05b2e010710df6da44a636be946e5a4d84..3bfee4803b48b63876c679697b02e72b775ca47b 100644
--- a/utils/ael_main.c
+++ b/utils/ael_main.c
@@ -373,7 +373,7 @@ void ast_context_add_switch2(struct ast_context *con, const char *value, const c
 	if( dump_extensions ) {
 		struct namelist *x;
 		x = create_name((char*)value);
-		strncpy(x->name2,data,100);
+		strncpy(x->name2, data, 99);
 		if( eval ) {
 
 			ADD_LAST(con->switches,x);
diff --git a/utils/astman.c b/utils/astman.c
index af3185104cde2629a0433b84c634239995cfd6ff..81ff3a97d8bb9bf99333a8a4ef6fa0f089e5603b 100644
--- a/utils/astman.c
+++ b/utils/astman.c
@@ -529,14 +529,15 @@ static void try_redirect(newtComponent c)
 	struct ast_chan *chan;
 	char dest[256];
 	struct message *m;
+	static const char tmp_prefix[] = "Enter new extension for ";
 	char channame[256];
-	char tmp[80];
+	char tmp[sizeof(tmp_prefix) + sizeof(channame)];
 	char *context;
 
 	chan = newtListboxGetCurrent(c);
 	if (chan) {
 		strncpy(channame, chan->name, sizeof(channame) - 1);
-		snprintf(tmp, sizeof(tmp), "Enter new extension for %s", channame);
+		snprintf(tmp, sizeof(tmp), "%s%s", tmp_prefix, channame);
 		if (get_user_input(tmp, dest, sizeof(dest)))
 			return;
 		if ((context = strchr(dest, '@'))) {
diff --git a/utils/db1-ast/hash/ndbm.c b/utils/db1-ast/hash/ndbm.c
index d702f737aea3601201988e593601eb00d9ec3950..16202eda0a0eeebd83c96625116d591fa9277bed 100644
--- a/utils/db1-ast/hash/ndbm.c
+++ b/utils/db1-ast/hash/ndbm.c
@@ -79,7 +79,7 @@ dbm_open(file, flags, mode)
 	info.cachesize = 0;
 	info.hash = NULL;
 	info.lorder = 0;
-	(void)strncpy(path, file, len - 1);
+	(void)strcpy(path, file); /* SAFE */
 	(void)strncat(path, DBM_SUFFIX, len - strlen(path) - 1);
 	db = (DBM *)__hash_open(path, flags, mode, &info, 0);
 #ifndef	__GNUC__
diff --git a/utils/extconf.c b/utils/extconf.c
index 5b3a95be9c4d5ddc77a351f159471490fa15ca4a..53f0be5fef146bee506ec431dac167b53e8f1b61 100644
--- a/utils/extconf.c
+++ b/utils/extconf.c
@@ -3144,7 +3144,7 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 	char *c;
 	char *cur = buf;
 	struct ast_variable *v;
-	char cmd[512], exec_file[512];
+	char exec_file[512];
 	int object, do_exec, do_include;
 
 	/* Actually parse the entry */
@@ -3258,8 +3258,14 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 				/* #exec </path/to/executable>
 				   We create a tmp file, then we #include it, then we delete it. */
 				if (do_exec) {
+					char cmd[1024];
+
 					snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d.%ld", (int)time(NULL), (long)pthread_self());
-					snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
+					if (snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file) >= sizeof(cmd)) {
+						ast_log(LOG_ERROR, "Failed to construct command string to execute %s.\n", cur);
+
+						return -1;
+					}
 					ast_safe_system(cmd);
 					cur = exec_file;
 				} else