diff --git a/src/3rdparty/zeek_inet_ntop.c b/src/3rdparty/zeek_inet_ntop.c index 36cb3928c1..04994b2608 100644 --- a/src/3rdparty/zeek_inet_ntop.c +++ b/src/3rdparty/zeek_inet_ntop.c @@ -106,7 +106,8 @@ zeek_inet_ntop6(const u_char *src, char *dst, socklen_t size) * Keep this in mind if you think this function should have been coded * to use pointer overlays. All the world's not a VAX. */ - char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"], *tp; + const int tmp_size = sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"); + char tmp[tmp_size], *tp; struct { int base, len; } best, cur; u_int words[NS_IN6ADDRSZ / NS_INT16SZ]; int i; @@ -147,13 +148,17 @@ zeek_inet_ntop6(const u_char *src, char *dst, socklen_t size) /* * Format the result. */ + int remaining = tmp_size; tp = tmp; for (i = 0; i < (NS_IN6ADDRSZ / NS_INT16SZ); i++) { /* Are we inside the best run of 0x00's? */ if (best.base != -1 && i >= best.base && i < (best.base + best.len)) { if (i == best.base) + { *tp++ = ':'; + remaining--; + } continue; } /* Are we following an initial run of 0x00s or any real hex? */ @@ -167,9 +172,10 @@ zeek_inet_ntop6(const u_char *src, char *dst, socklen_t size) if (!zeek_inet_ntop4(src+12, tp, sizeof tmp - (tp - tmp))) return (NULL); tp += strlen(tp); + remaining -= strlen(tp); break; } - tp += sprintf(tp, "%x", words[i]); + tp += snprintf(tp, remaining, "%x", words[i]); } /* Was it a trailing run of 0x00's? */ if (best.base != -1 && (best.base + best.len) ==
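Review bot: In C, `const int tmp_size` is not an integer constant expression, so `char tmp[tmp_size]` in the first hunk declares a variable-length array instead of the fixed-size buffer the removed line had (assuming this file is built as C, as its extension suggests). VLAs are optional in C11 and some compilers reject them, and `sizeof tmp` in the later `zeek_inet_ntop4` call becomes a run-time evaluation. An enumeration constant keeps the named size and a true fixed array: `enum { tmp_size = sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255" };`. The body of zeek_inet_ntop6 starts and ends outside this hunk.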
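Review bot: `remaining` does not follow `tp` in the last hunk, so the size handed to `snprintf` stays close to the full buffer size on every iteration instead of the space actually left after `tp`. `remaining -= strlen(tp)` runs after `tp += strlen(tp)`, when `tp` already points at the terminator, so it always subtracts zero; the return value of `snprintf` is added to `tp` but never subtracted from `remaining`. The `':'` separator written between the second and third hunks is not visible here and may need the same accounting. `snprintf` also returns the length it would have written, so a truncated result would still advance `tp` past the stored data unless the return is checked first. The loop and function continue outside the hunk, and the error return sketched below should be aligned with how the function already reports a short buffer.

```c
		/* … unchanged: zeek_inet_ntop4() call and its NULL return … */
		size_t v4_len = strlen(tp);	/* measure before tp moves */
		tp += v4_len;
		remaining -= (int)v4_len;
		break;
	/* … unchanged: end of the embedded-IPv4 branch … */
	int n = snprintf(tp, (size_t)remaining, "%x", words[i]);
	if (n < 0 || n >= remaining)
		return (NULL);
	tp += n;
	remaining -= n;
```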