diff --git a/addons/Makefile b/addons/Makefile
index 3d4045d8fce0c15108bef9a727d7d1a5cfe23713..0c11bfc506e753adeb0705921783b5eee15bc004 100644
--- a/addons/Makefile
+++ b/addons/Makefile
@@ -65,6 +65,7 @@ ifneq ($(wildcard mp3/Makefile),)
 format_mp3.so: mp3/common.o mp3/dct64_i386.o mp3/decode_ntom.o mp3/layer3.o mp3/tabinit.o mp3/interface.o
 endif
 
+chan_mobile.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 chan_ooh323.o: _ASTCFLAGS+=$(H323CFLAGS)
 chan_ooh323.so: _ASTCFLAGS+=$(H323CFLAGS)
 chan_ooh323.so: $(addprefix ooh323c/src/,$(H323OBJS)) chan_ooh323.o ooh323cDriver.o
diff --git a/apps/Makefile b/apps/Makefile
index 13c77abf0eb5857bbb35b43603b8a43dcfa6d032..3e3dc00e248a34c6fb800a082c398ff2d92883a0 100644
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -30,7 +30,11 @@ include $(ASTTOPDIR)/Makefile.moddir_rules
 clean::
 	rm -f confbridge/*.o confbridge/*.i confbridge/*.gcda confbridge/*.gcno
 
+app_confbridge.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_meetme.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_minivm.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 app_voicemail.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+app_while.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 
 app_confbridge.so: $(subst .c,.o,$(wildcard confbridge/*.c))
 $(subst .c,.o,$(wildcard confbridge/*.c)): _ASTCFLAGS+=$(call MOD_ASTCFLAGS,app_confbridge)
diff --git a/apps/app_minivm.c b/apps/app_minivm.c
index a3dcef8a70195a9326e33efabb1e27008fd0f327..ef73cabb1777443c02625a35608fb256d46f1344 100644
--- a/apps/app_minivm.c
+++ b/apps/app_minivm.c
@@ -2788,11 +2788,11 @@ static char *message_template_parse_emailbody(const char *configuration)
 	       switch (tmpwrite[1]) {
 	       case 'n':
 		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
-		      strncpy(tmpwrite, "\n", len);
+		      tmpwrite[0] = '\n';
 		      break;
 	       case 't':
 		      memmove(tmpwrite + len, tmpwrite + 2, strlen(tmpwrite + 2) + 1);
-		      strncpy(tmpwrite, "\t", len);
+		      tmpwrite[0] = '\t';
 		      break;
 	       default:
 		      ast_log(LOG_NOTICE, "Substitution routine does not support this character: %c\n", tmpwrite[1]);
diff --git a/apps/app_queue.c b/apps/app_queue.c
index b42eac240287a6b10f5e065687fc3e8063539496..f783ac94deedd7f10fff365c3b7dde2afdf85833 100644
--- a/apps/app_queue.c
+++ b/apps/app_queue.c
@@ -6411,7 +6411,7 @@ static void escape_and_substitute(struct ast_channel *chan, const char *input,
 static void setup_mixmonitor(struct queue_ent *qe, const char *filename)
 {
 	char escaped_filename[256];
-	char file_with_ext[256];
+	char file_with_ext[sizeof(escaped_filename) + sizeof(qe->parent->monfmt)];
 	char mixmonargs[1512];
 	char escaped_monitor_exec[1024];
 	const char *monitor_options;
diff --git a/apps/app_sms.c b/apps/app_sms.c
index c3d8ccd4b639853ceb45def020612816a5a47a38..df84d2ac0aac1905cf2746533bd1d38ed11823f9 100644
--- a/apps/app_sms.c
+++ b/apps/app_sms.c
@@ -1207,7 +1207,7 @@ static void sms_compose2(sms_t *h, int more)
 {
 	struct ast_tm tm;
 	struct timeval now = h->scts;
-	char stm[9];
+	char stm[45];
 
 	h->omsg[0] = 0x00;                      /* set later... */
 	h->omsg[1] = 0;
diff --git a/apps/app_test.c b/apps/app_test.c
index a5494c5463e21bdb81acbb2ea27930ad5e40eb1e..6be1a077d6e401b14bfedf762dde0dd4179fcec5 100644
--- a/apps/app_test.c
+++ b/apps/app_test.c
@@ -332,7 +332,6 @@ static int testserver_exec(struct ast_channel *chan, const char *data)
 {
 	int res = 0;
 	char testid[80]="";
-	char fn[80];
 	FILE *f;
 	if (ast_channel_state(chan) != AST_STATE_UP)
 		res = ast_answer(chan);
@@ -359,6 +358,8 @@ static int testserver_exec(struct ast_channel *chan, const char *data)
 	if (strchr(testid, '/'))
 		res = -1;
 	if ((res >=0) && (!ast_strlen_zero(testid))) {
+		char fn[PATH_MAX];
+
 		/* Got a Test ID!  Whoo hoo! */
 		/* Make the directory to hold the test results in case it's not there */
 		snprintf(fn, sizeof(fn), "%s/testresults", ast_config_AST_LOG_DIR);
diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c
index 86f2873a5c21405fd1c4769fe8b6e14825387f6f..db65c12c8854c06f22e9465054c384eaf55b04a2 100644
--- a/apps/app_voicemail.c
+++ b/apps/app_voicemail.c
@@ -1010,7 +1010,7 @@ struct mwi_sub {
 	int old_new;
 	int old_old;
 	char *uniqueid;
-	char mailbox[1];
+	char mailbox[0];
 };
 
 struct mwi_sub_task {
@@ -13167,7 +13167,7 @@ static int handle_subscribe(void *datap)
 	struct mwi_sub *mwi_sub;
 	struct mwi_sub_task *p = datap;
 
-	len = sizeof(*mwi_sub);
+	len = sizeof(*mwi_sub) + 1;
 	if (!ast_strlen_zero(p->mailbox))
 		len += strlen(p->mailbox);
 
diff --git a/channels/Makefile b/channels/Makefile
index 63142798cbb6bb2019f586e6688bd99e9608c00b..49adb342f148537ccf6e36cd69f1e5ad37c19159 100644
--- a/channels/Makefile
+++ b/channels/Makefile
@@ -50,6 +50,9 @@ chan_dahdi.so: $(CHAN_DAHDI_OBJS)
 $(CHAN_DAHDI_OBJS): _ASTCFLAGS+=$(call MOD_ASTCFLAGS,chan_dahdi)
 
 chan_mgcp.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_unistim.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_phone.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+chan_sip.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
 
 chan_misdn.o: _ASTCFLAGS+=-Imisdn
 
diff --git a/channels/chan_dahdi.c b/channels/chan_dahdi.c
index 866926736cab256572ee427db35195107c2ec631..6870e676bae5ab1376fb3364291f57995bb9fee1 100644
--- a/channels/chan_dahdi.c
+++ b/channels/chan_dahdi.c
@@ -1864,7 +1864,7 @@ static void publish_dahdichannel(struct ast_channel *chan, int span, const char
  */
 static void dahdi_ami_channel_event(struct dahdi_pvt *p, struct ast_channel *chan)
 {
-	char ch_name[20];
+	char ch_name[23];
 
 	if (p->channel < CHAN_PSEUDO) {
 		/* No B channel */
diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c
index 97cbe739068d7f997583c4b8f292efcf1e73ec60..90d2316c67674f857180aa08b3a1a12b527a56f8 100644
--- a/channels/chan_iax2.c
+++ b/channels/chan_iax2.c
@@ -14319,7 +14319,7 @@ static int iax2_matchmore(struct ast_channel *chan, const char *context, const c
 static int iax2_exec(struct ast_channel *chan, const char *context, const char *exten, int priority, const char *callerid, const char *data)
 {
 	char odata[256];
-	char req[256];
+	char req[sizeof(odata) + AST_MAX_CONTEXT + AST_MAX_EXTENSION + sizeof("IAX2//@")];
 	char *ncontext;
 	struct iax2_dpcache *dp = NULL;
 	struct ast_app *dial = NULL;
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index 4e65c7b89a9e644e35bd5f93c582cbea88b3d945..b84d13f450f00c0c9198b0f73006d03c8bbec438 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -35001,21 +35001,22 @@ AST_TEST_DEFINE(test_tcp_message_fragmentation)
 	struct ast_str *overflow;
 	struct {
 		char **fragments;
+		size_t fragment_count;
 		char **expected;
 		int num_expected;
 		const char *description;
 	} tests[] = {
-		{ normal, normal, 1, "normal" },
-		{ fragmented, normal, 1, "fragmented" },
-		{ fragmented_body, normal, 1, "fragmented_body" },
-		{ multi_fragment, normal, 1, "multi_fragment" },
-		{ multi_message, multi_message_divided, 2, "multi_message" },
-		{ multi_message_body, multi_message_body_divided, 2, "multi_message_body" },
-		{ multi_message_in_fragments, multi_message_divided, 2, "multi_message_in_fragments" },
-		{ compact, compact, 1, "compact" },
-		{ faux, faux, 1, "faux" },
-		{ folded, folded, 1, "folded" },
-		{ cl_in_body, cl_in_body, 1, "cl_in_body" },
+		{ normal, ARRAY_LEN(normal), normal, 1, "normal" },
+		{ fragmented, ARRAY_LEN(fragmented), normal, 1, "fragmented" },
+		{ fragmented_body, ARRAY_LEN(fragmented_body), normal, 1, "fragmented_body" },
+		{ multi_fragment, ARRAY_LEN(multi_fragment), normal, 1, "multi_fragment" },
+		{ multi_message, ARRAY_LEN(multi_message), multi_message_divided, 2, "multi_message" },
+		{ multi_message_body, ARRAY_LEN(multi_message_body), multi_message_body_divided, 2, "multi_message_body" },
+		{ multi_message_in_fragments, ARRAY_LEN(multi_message_in_fragments), multi_message_divided, 2, "multi_message_in_fragments" },
+		{ compact, ARRAY_LEN(compact), compact, 1, "compact" },
+		{ faux, ARRAY_LEN(faux), faux, 1, "faux" },
+		{ folded, ARRAY_LEN(folded), folded, 1, "folded" },
+		{ cl_in_body, ARRAY_LEN(cl_in_body), cl_in_body, 1, "cl_in_body" },
 	};
 	int i;
 	enum ast_test_result_state res = AST_TEST_PASS;
@@ -35043,7 +35044,7 @@ AST_TEST_DEFINE(test_tcp_message_fragmentation)
 	}
 	for (i = 0; i < ARRAY_LEN(tests); ++i) {
 		int num_messages = 0;
-		if (mock_tcp_loop(tests[i].fragments, ARRAY_LEN(tests[i].fragments),
+		if (mock_tcp_loop(tests[i].fragments, tests[i].fragment_count,
 					&overflow, tests[i].expected, &num_messages, test)) {
 			ast_test_status_update(test, "Failed to parse message '%s'\n", tests[i].description);
 			res = AST_TEST_FAIL;
diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c
index 97634bcbca9f952484bb23b6edf3de9ee2fb152a..43cc32a2be4916a4857b08797ad3e9e8c0249b26 100644
--- a/channels/chan_skinny.c
+++ b/channels/chan_skinny.c
@@ -3709,49 +3709,49 @@ static char *skinny_debugs(void)
 	int posn = 0;
 
 	ptr = dbgcli_buf;
-	strncpy(ptr, "\0", 1);
+	ptr[0] = '\0';
 	if (skinnydebug & DEBUG_GENERAL) {
-		strncpy(ptr, "general ", 8);
+		strcpy(ptr, "general "); /* SAFE */
 		posn += 8;
 		ptr += 8;
 	}
 	if (skinnydebug & DEBUG_SUB) {
-		strncpy(ptr, "sub ", 4);
+		strcpy(ptr, "sub "); /* SAFE */
 		posn += 4;
 		ptr += 4;
 	}
 	if (skinnydebug & DEBUG_AUDIO) {
-		strncpy(ptr, "audio ", 6);
+		strcpy(ptr, "audio "); /* SAFE */
 		posn += 6;
 		ptr += 6;
 	}
 	if (skinnydebug & DEBUG_PACKET) {
-		strncpy(ptr, "packet ", 7);
+		strcpy(ptr, "packet "); /* SAFE */
 		posn += 7;
 		ptr += 7;
 	}
 	if (skinnydebug & DEBUG_LOCK) {
-		strncpy(ptr, "lock ", 5);
+		strcpy(ptr, "lock "); /* SAFE */
 		posn += 5;
 		ptr += 5;
 	}
 	if (skinnydebug & DEBUG_TEMPLATE) {
-		strncpy(ptr, "template ", 9);
+		strcpy(ptr, "template "); /* SAFE */
 		posn += 9;
 		ptr += 9;
 	}
 	if (skinnydebug & DEBUG_THREAD) {
-		strncpy(ptr, "thread ", 7);
+		strcpy(ptr, "thread "); /* SAFE */
 		posn += 7;
 		ptr += 7;
 	}
 	if (skinnydebug & DEBUG_HINT) {
-		strncpy(ptr, "hint ", 5);
+		strcpy(ptr, "hint "); /* SAFE */
 		posn += 5;
 		ptr += 5;
 	}
 	if (skinnydebug & DEBUG_KEEPALIVE) {
-		strncpy(ptr, "keepalive ", 10);
+		strcpy(ptr, "keepalive "); /* SAFE */
 		posn += 10;
 		ptr += 10;
 	}
@@ -6430,7 +6430,6 @@ static int handle_stimulus_message(struct skinny_req *req, struct skinnysession
 	case STIMULUS_CALLPARK:
 		{
 		char extout[AST_MAX_EXTENSION];
-		char message[32];
 		RAII_VAR(struct ast_bridge_channel *, bridge_channel, NULL, ao2_cleanup);
 		SKINNY_DEBUG(DEBUG_PACKET, 3, "Received STIMULUS_CALLPARK from %s, inst %d, callref %d\n",
 			d->name, instance, callreference);
@@ -6452,7 +6451,10 @@ static int handle_stimulus_message(struct skinny_req *req, struct skinnysession
 			}
 
 			if (!ast_parking_park_call(bridge_channel, extout, sizeof(extout))) {
-				snprintf(message, sizeof(message), "Call Parked at: %s", extout);
+				static const char msg_prefix[] = "Call Parked at: ";
+				char message[sizeof(msg_prefix) + sizeof(extout)];
+
+				snprintf(message, sizeof(message), "%s%s", msg_prefix, extout);
 				transmit_displaynotify(d, message, 10);
 				break;
 			}
@@ -7183,7 +7185,6 @@ static int handle_soft_key_event_message(struct skinny_req *req, struct skinnyse
 	case SOFTKEY_PARK:
 		{
 		char extout[AST_MAX_EXTENSION];
-		char message[32];
 		RAII_VAR(struct ast_bridge_channel *, bridge_channel, NULL, ao2_cleanup);
 		SKINNY_DEBUG(DEBUG_PACKET, 3, "Received SOFTKEY_PARK from %s, inst %d, callref %d\n",
 			d->name, instance, callreference);
@@ -7205,7 +7206,10 @@ static int handle_soft_key_event_message(struct skinny_req *req, struct skinnyse
 			}
 
 			if (!ast_parking_park_call(bridge_channel, extout, sizeof(extout))) {
-				snprintf(message, sizeof(message), "Call Parked at: %s", extout);
+				static const char msg_prefix[] = "Call Parked at: ";
+				char message[sizeof(msg_prefix) + sizeof(extout)];
+
+				snprintf(message, sizeof(message), "%s%s", msg_prefix, extout);
 				transmit_displaynotify(d, message, 10);
 				break;
 			}
diff --git a/channels/iax2/parser.c b/channels/iax2/parser.c
index c003a821dcdec0532279d55c49e03da674122293..ec7226e94b748d5a0c7e297fa1148a0252f14c88 100644
--- a/channels/iax2/parser.c
+++ b/channels/iax2/parser.c
@@ -417,7 +417,7 @@ static void dump_ies(unsigned char *iedata, int len)
 	int x;
 	int found;
 	char interp[1024];
-	char tmp[1024];
+	char tmp[1046];
 
 	if (len < 2)
 		return;
diff --git a/configure b/configure
index ad6b9abc78b2e69d502fd39efc366839326c9eed..0e6e871f2f1be75714a4e793eaff2d5c1125d88e 100755
--- a/configure
+++ b/configure
@@ -686,6 +686,7 @@ BIND8_CFLAGS
 AST_RPATH
 AST_NATIVE_ARCH
 AST_SHADOW_WARNINGS
+AST_NO_STRINGOP_TRUNCATION
 AST_NO_FORMAT_TRUNCATION
 AST_NO_STRICT_OVERFLOW
 AST_FORTIFY_SOURCE
@@ -18611,6 +18612,19 @@ $as_echo "no" >&6; }
 fi
 
 
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wno-stringop-truncation" >&5
+$as_echo_n "checking for -Wno-stringop-truncation... " >&6; }
+if $(${CC} -Wno-stringop-truncation -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+	AST_NO_STRINGOP_TRUNCATION=-Wno-stringop-truncation
+else
+	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+	AST_NO_STRINGOP_TRUNCATION=
+fi
+
+
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -Wshadow" >&5
 $as_echo_n "checking for -Wshadow... " >&6; }
 if $(${CC} -Wshadow -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
diff --git a/configure.ac b/configure.ac
index 8d798a7853ba40e248b2e3e638371c6b7f4bd9b5..f8f9ca1db7b23c776b40094ec6494b946feb238c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1277,6 +1277,16 @@ else
 fi
 AC_SUBST(AST_NO_FORMAT_TRUNCATION)
 
+AC_MSG_CHECKING(for -Wno-stringop-truncation)
+if $(${CC} -Wno-stringop-truncation -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
+	AC_MSG_RESULT(yes)
+	AST_NO_STRINGOP_TRUNCATION=-Wno-stringop-truncation
+else
+	AC_MSG_RESULT(no)
+	AST_NO_STRINGOP_TRUNCATION=
+fi
+AC_SUBST(AST_NO_STRINGOP_TRUNCATION)
+
 AC_MSG_CHECKING(for -Wshadow)
 if $(${CC} -Wshadow -Werror -S -o /dev/null -xc /dev/null > /dev/null 2>&1); then
 	AC_MSG_RESULT(yes)
diff --git a/funcs/Makefile b/funcs/Makefile
index 3f65070e33998e930d24b41e688fa1c70c1680bc..40df635d8836d05bb145e4c39da38970a323e984 100644
--- a/funcs/Makefile
+++ b/funcs/Makefile
@@ -25,3 +25,5 @@ include $(ASTTOPDIR)/Makefile.moddir_rules
 # warning must be disabled; for safety reasons, SPRINTF() is kept in
 # a separate module so that as little code as possible is left unchecked
 func_sprintf.o: _ASTCFLAGS+=-Wno-format-nonliteral
+
+func_groupcount.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
diff --git a/main/config.c b/main/config.c
index 1cb5bbecc35e9346a446d27b295a2badeb63f20e..da6d6f108fe34330c3d37f04df502eff89f6c280 100644
--- a/main/config.c
+++ b/main/config.c
@@ -1738,7 +1738,7 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 	char *c;
 	char *cur = buf;
 	struct ast_variable *v;
-	char cmd[512], exec_file[512];
+	char exec_file[512];
 
 	/* Actually parse the entry */
 	if (cur[0] == '[') { /* A category header */
@@ -1911,10 +1911,16 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 		   We create a tmp file, then we #include it, then we delete it. */
 		if (!do_include) {
 			struct timeval now = ast_tvnow();
+			char cmd[1024];
+
 			if (!ast_test_flag(&flags, CONFIG_FLAG_NOCACHE))
 				config_cache_attribute(configfile, ATTRIBUTE_EXEC, NULL, who_asked);
 			snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d%d.%ld", (int)now.tv_sec, (int)now.tv_usec, (long)pthread_self());
-			snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
+			if (snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file) >= sizeof(cmd)) {
+				ast_log(LOG_ERROR, "Failed to construct command string to execute %s.\n", cur);
+
+				return -1;
+			}
 			ast_safe_system(cmd);
 			cur = exec_file;
 		} else {
diff --git a/main/manager.c b/main/manager.c
index 46bc44092c4d69229c58a4c357e8c9ff7e3f8e87..0181454b37b22529479cf1b57ba94c2294ff3b2f 100644
--- a/main/manager.c
+++ b/main/manager.c
@@ -7989,7 +7989,8 @@ static int auth_http_callback(struct ast_tcptls_session_instance *ser,
 	/* compute the expected response to compare with what we received */
 	{
 		char *a2;
-		char a2_hash[256];
+		/* ast_md5_hash outputs 32 characters plus NULL terminator. */
+		char a2_hash[33];
 		char resp[256];
 
 		/* XXX Now request method are hardcoded in A2 */
diff --git a/main/pbx.c b/main/pbx.c
index b4599de0ee5506e775caaa42e10f45a761e78b7e..bcfd42d9eaebfa984c64402ccac46acbb33eb991 100644
--- a/main/pbx.c
+++ b/main/pbx.c
@@ -6165,7 +6165,7 @@ struct store_hint {
 	char *last_presence_message;
 
 	AST_LIST_ENTRY(store_hint) list;
-	char data[1];
+	char data[0];
 };
 
 AST_LIST_HEAD_NOLOCK(store_hints, store_hint);
diff --git a/makeopts.in b/makeopts.in
index 5dc81f3a0d991a773377426fdc126d4270a095c7..17a4d275176da1d1aaf2fc469c3246a55ab4c4ba 100644
--- a/makeopts.in
+++ b/makeopts.in
@@ -119,6 +119,7 @@ AST_DECLARATION_AFTER_STATEMENT=@AST_DECLARATION_AFTER_STATEMENT@
 AST_TRAMPOLINES=@AST_TRAMPOLINES@
 AST_NO_STRICT_OVERFLOW=@AST_NO_STRICT_OVERFLOW@
 AST_NO_FORMAT_TRUNCATION=@AST_NO_FORMAT_TRUNCATION@
+AST_NO_STRINGOP_TRUNCATION=@AST_NO_STRINGOP_TRUNCATION@
 AST_SHADOW_WARNINGS=@AST_SHADOW_WARNINGS@
 AST_NESTED_FUNCTIONS=@AST_NESTED_FUNCTIONS@
 AST_CLANG_BLOCKS=@AST_CLANG_BLOCKS@
diff --git a/pbx/dundi-parser.c b/pbx/dundi-parser.c
index 9ca0dfb0b3df59f953390fb7531745da02f444fa..daa7d718eb0325982479f8328e683d9902ab2bae 100644
--- a/pbx/dundi-parser.c
+++ b/pbx/dundi-parser.c
@@ -388,7 +388,7 @@ static void dump_ies(unsigned char *iedata, int spaces, int len)
 	int x;
 	int found;
 	char interp[1024];
-	char tmp[1024];
+	char tmp[1051];
 	if (len < 2)
 		return;
 	while(len >= 2) {
diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c
index 7ec144de5c4a1333ccae4455877065c860ce1517..93ff579c974722709399c788f2ffa384567d4d65 100644
--- a/pbx/pbx_dundi.c
+++ b/pbx/pbx_dundi.c
@@ -1239,7 +1239,6 @@ static int cache_lookup_internal(time_t now, struct dundi_request *req, char *ke
 
 static int cache_lookup(struct dundi_request *req, dundi_eid *peer_eid, uint32_t crc, int *lowexpiration)
 {
-	char key[256];
 	char eid_str[20];
 	char eidroot_str[20];
 	time_t now;
@@ -1247,6 +1246,8 @@ static int cache_lookup(struct dundi_request *req, dundi_eid *peer_eid, uint32_t
 	int res2=0;
 	char eid_str_full[20];
 	char tmp[256]="";
+	/* Enough space for largest value that can be stored in key. */
+	char key[sizeof(eid_str) + sizeof(tmp) + sizeof(req->dcontext) + sizeof(eidroot_str) + sizeof("hint////r")];
 	int x;
 
 	time(&now);
diff --git a/res/Makefile b/res/Makefile
index 5a8f35a855224fbcc1dfa39096b6d3c04188dbb6..48658839e9b187cdd0a09db30a58f8bbfca1b3b8 100644
--- a/res/Makefile
+++ b/res/Makefile
@@ -29,7 +29,7 @@ endif
 res_config_ldap.o: _ASTCFLAGS+=-DLDAP_DEPRECATED
 
 ael/ael_lex.o: ael/ael_lex.c ../include/asterisk/ael_structs.h ael/ael.tab.h
-ael/ael_lex.o: _ASTCFLAGS+=-I. -Iael -Wno-unused
+ael/ael_lex.o: _ASTCFLAGS+=-I. -Iael -Wno-unused $(AST_NO_FORMAT_TRUNCATION)
 
 ael/ael.tab.o: ael/ael.tab.c ael/ael.tab.h ../include/asterisk/ael_structs.h
 ael/ael.tab.o: _ASTCFLAGS+=-I. -Iael -DYYENABLE_NLS=0
@@ -95,5 +95,7 @@ ari/ari_model_validators.o: _ASTCFLAGS+=$(call MOD_ASTCFLAGS,res_ari_model)
 res_stasis_recording.so: stasis_recording/stored.o
 stasis_recording/stored.o:  _ASTCFLAGS+=$(call MOD_ASTCFLAGS,res_stasis_recording)
 
+res_parking.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
+
 # Dependencies for res_ari_*.so are generated, so they're in this file
 include ari.make
diff --git a/res/res_config_ldap.c b/res/res_config_ldap.c
index e3935e07045b41b1237215159e029a30cd9f7814..b5505e6e9ef1603fe1cfd510cbcdecdc47159f37 100644
--- a/res/res_config_ldap.c
+++ b/res/res_config_ldap.c
@@ -1961,7 +1961,7 @@ static int ldap_reconnect(void)
  */
 static char *realtime_ldap_status(struct ast_cli_entry *e, int cmd, struct ast_cli_args *a)
 {
-	char status[256], credentials[100] = "";
+	struct ast_str *buf;
 	int ctimesec = time(NULL) - connect_time;
 
 	switch (cmd) {
@@ -1978,30 +1978,33 @@ static char *realtime_ldap_status(struct ast_cli_entry *e, int cmd, struct ast_c
 	if (!ldapConn)
 		return CLI_FAILURE;
 
-	if (!ast_strlen_zero(url))
-		snprintf(status, sizeof(status), "Connected to '%s', baseDN %s", url, base_distinguished_name);
+	buf = ast_str_create(512);
+	if (!ast_strlen_zero(url)) {
+		ast_str_append(&buf, 0, "Connected to '%s', baseDN %s", url, base_distinguished_name);
+	}
 
-	if (!ast_strlen_zero(user))
-		snprintf(credentials, sizeof(credentials), " with username %s", user);
+	if (!ast_strlen_zero(user)) {
+		ast_str_append(&buf, 0, " with username %s", user);
+	}
 
 	if (ctimesec > 31536000) {
-		ast_cli(a->fd, "%s%s for %d years, %d days, %d hours, %d minutes, %d seconds.\n",
-				status, credentials, ctimesec / 31536000,
+		ast_cli(a->fd, "%s for %d years, %d days, %d hours, %d minutes, %d seconds.\n",
+				ast_str_buffer(buf), ctimesec / 31536000,
 				(ctimesec % 31536000) / 86400, (ctimesec % 86400) / 3600,
 				(ctimesec % 3600) / 60, ctimesec % 60);
 	} else if (ctimesec > 86400) {
-		ast_cli(a->fd, "%s%s for %d days, %d hours, %d minutes, %d seconds.\n",
-				status, credentials, ctimesec / 86400, (ctimesec % 86400) / 3600,
+		ast_cli(a->fd, "%s for %d days, %d hours, %d minutes, %d seconds.\n",
+				ast_str_buffer(buf), ctimesec / 86400, (ctimesec % 86400) / 3600,
 				(ctimesec % 3600) / 60, ctimesec % 60);
 	} else if (ctimesec > 3600) {
-		ast_cli(a->fd, "%s%s for %d hours, %d minutes, %d seconds.\n",
-				status, credentials, ctimesec / 3600, (ctimesec % 3600) / 60,
+		ast_cli(a->fd, "%s for %d hours, %d minutes, %d seconds.\n",
+				ast_str_buffer(buf), ctimesec / 3600, (ctimesec % 3600) / 60,
 				ctimesec % 60);
 	} else if (ctimesec > 60) {
-		ast_cli(a->fd, "%s%s for %d minutes, %d seconds.\n", status, credentials,
+		ast_cli(a->fd, "%s for %d minutes, %d seconds.\n", ast_str_buffer(buf),
 					ctimesec / 60, ctimesec % 60);
 	} else {
-		ast_cli(a->fd, "%s%s for %d seconds.\n", status, credentials, ctimesec);
+		ast_cli(a->fd, "%s for %d seconds.\n", ast_str_buffer(buf), ctimesec);
 	}
 
 	return CLI_SUCCESS;
diff --git a/res/res_musiconhold.c b/res/res_musiconhold.c
index 17bcd904b282e0738729a6ee46c833636452395c..4d98f608932ffadb190005d88f00156b747cad12 100644
--- a/res/res_musiconhold.c
+++ b/res/res_musiconhold.c
@@ -1105,7 +1105,7 @@ static int moh_scan_files(struct mohclass *class) {
 
 	DIR *files_DIR;
 	struct dirent *files_dirent;
-	char dir_path[PATH_MAX];
+	char dir_path[PATH_MAX - sizeof(class->dir)];
 	char filepath[PATH_MAX];
 	char *ext;
 	struct stat statbuf;
diff --git a/tests/Makefile b/tests/Makefile
index a65b88bac33cd221eaf96388bdf7814c9432f5ef..f64669bcdc898ee438dfe9cf4dbafeeea35df466 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -18,3 +18,6 @@ MENUSELECT_DESCRIPTION=Test Modules
 all: _all
 
 include $(ASTTOPDIR)/Makefile.moddir_rules
+
+test_strings.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION) $(AST_NO_STRINGOP_TRUNCATION)
+test_voicemail_api.o: _ASTCFLAGS+=$(AST_NO_FORMAT_TRUNCATION)
diff --git a/utils/Makefile b/utils/Makefile
index cabc2689b9d7b2bcde81c23e6e8fca5df3b1bd28..0a3baecf343d2eadb3e29db719d89367efc97e3a 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -157,7 +157,7 @@ aelparse.c: $(ASTTOPDIR)/res/ael/ael_lex.c
 	$(CMD_PREFIX) sed 's/ast_debug([[:digit:]][[:digit:]]*/ast_log(LOG_DEBUG/' "$@" > "$@.new"
 	$(CMD_PREFIX) mv "$@.new" "$@"
 
-aelparse.o: _ASTCFLAGS+=-I$(ASTTOPDIR)/res -Wno-unused
+aelparse.o: _ASTCFLAGS+=-I$(ASTTOPDIR)/res -Wno-unused $(AST_NO_FORMAT_TRUNCATION)
 aelparse: LIBS+=-lm $(AST_CLANG_BLOCKS_LIBS)
 aelparse: aelparse.o aelbison.o pbx_ael.o hashtab.o lock.o ael_main.o ast_expr2f.o ast_expr2.o strcompat.o pval.o extconf.o
 
diff --git a/utils/ael_main.c b/utils/ael_main.c
index 0c6ec03b4ec4358edc198f301b32f0db53f99dbf..6c837462937b4f45f57f9fb5d9b5bceb0b7cd01d 100644
--- a/utils/ael_main.c
+++ b/utils/ael_main.c
@@ -381,7 +381,7 @@ void ast_context_add_switch2(struct ast_context *con, const char *value, const c
 	if( dump_extensions ) {
 		struct namelist *x;
 		x = create_name((char*)value);
-		strncpy(x->name2,data,100);
+		strncpy(x->name2, data, 99);
 		if( eval ) {
 
 			ADD_LAST(con->switches,x);
diff --git a/utils/astman.c b/utils/astman.c
index 2ea68b9620f21e4655f0459a83bc8304d45081da..ec06868f92b23762789366cbc96c4befb90fa482 100644
--- a/utils/astman.c
+++ b/utils/astman.c
@@ -543,14 +543,15 @@ static void try_redirect(newtComponent c)
 	struct ast_chan *chan;
 	char dest[256];
 	struct message *m;
+	static const char tmp_prefix[] = "Enter new extension for ";
 	char channame[256];
-	char tmp[80];
+	char tmp[sizeof(tmp_prefix) + sizeof(channame)];
 	char *context;
 
 	chan = newtListboxGetCurrent(c);
 	if (chan) {
 		strncpy(channame, chan->name, sizeof(channame) - 1);
-		snprintf(tmp, sizeof(tmp), "Enter new extension for %s", channame);
+		snprintf(tmp, sizeof(tmp), "%s%s", tmp_prefix, channame);
 		if (get_user_input(tmp, dest, sizeof(dest)))
 			return;
 		if ((context = strchr(dest, '@'))) {
diff --git a/utils/db1-ast/hash/ndbm.c b/utils/db1-ast/hash/ndbm.c
index d702f737aea3601201988e593601eb00d9ec3950..16202eda0a0eeebd83c96625116d591fa9277bed 100644
--- a/utils/db1-ast/hash/ndbm.c
+++ b/utils/db1-ast/hash/ndbm.c
@@ -79,7 +79,7 @@ dbm_open(file, flags, mode)
 	info.cachesize = 0;
 	info.hash = NULL;
 	info.lorder = 0;
-	(void)strncpy(path, file, len - 1);
+	(void)strcpy(path, file); /* SAFE */
 	(void)strncat(path, DBM_SUFFIX, len - strlen(path) - 1);
 	db = (DBM *)__hash_open(path, flags, mode, &info, 0);
 #ifndef	__GNUC__
diff --git a/utils/extconf.c b/utils/extconf.c
index 97cfaa9a68b427051ff9d47948c5f2a000a46f73..2e77fb2789f1fff09e0687f9e602037696da8e18 100644
--- a/utils/extconf.c
+++ b/utils/extconf.c
@@ -3180,7 +3180,7 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 	char *c;
 	char *cur = buf;
 	struct ast_variable *v;
-	char cmd[512], exec_file[512];
+	char exec_file[512];
 	int object, do_exec, do_include;
 
 	/* Actually parse the entry */
@@ -3294,8 +3294,14 @@ static int process_text_line(struct ast_config *cfg, struct ast_category **cat,
 				/* #exec </path/to/executable>
 				   We create a tmp file, then we #include it, then we delete it. */
 				if (do_exec) {
+					char cmd[1024];
+
 					snprintf(exec_file, sizeof(exec_file), "/var/tmp/exec.%d.%ld", (int)time(NULL), (long)pthread_self());
-					snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file);
+					if (snprintf(cmd, sizeof(cmd), "%s > %s 2>&1", cur, exec_file) >= sizeof(cmd)) {
+						ast_log(LOG_ERROR, "Failed to construct command string to execute %s.\n", cur);
+
+						return -1;
+					}
 					ast_safe_system(cmd);
 					cur = exec_file;
 				} else