diff --git a/lib/libtermcap/tgoto.c b/lib/libtermcap/tgoto.c
index 85b8d572cea0..ca493024f706 100644
--- a/lib/libtermcap/tgoto.c
+++ b/lib/libtermcap/tgoto.c
@@ -90,6 +90,8 @@ tgoto(const char *CM, int destcol, int destline)
 added[0] = 0;
 while ( (c = *cp++) ) {
 if (c != '%') {
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = c;
 continue;
 }
@@ -110,14 +112,20 @@ tgoto(const char *CM, int destcol, int destline)
 /* fall into... */
 case '3':
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = (which / 100) | '0';
 which %= 100;
 /* fall into... */
 case '2':
 two:
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = which / 10 | '0';
 one:
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = which % 10 | '0';
 swap:
 oncol = 1 - oncol;
@@ -170,6 +178,8 @@ tgoto(const char *CM, int destcol, int destline)
 which++;
 } while (which == '\n');
 }
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = which;
 goto swap;
@@ -184,6 +194,8 @@ tgoto(const char *CM, int destcol, int destline)
 continue;
 case '%':
+ if (dp >= &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 *dp++ = c;
 continue;
@@ -203,6 +215,8 @@ tgoto(const char *CM, int destcol, int destline)
 goto toohard;
 }
 }
+ if (dp+strlen(added)+1 > &result[MAXRETURNSIZE])
+ return ("OVERFLOW");
 strcpy(dp, added);
 return (result);
 }
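Review bot: The guard `if (dp >= &result[MAXRETURNSIZE]) return ("OVERFLOW");` is pasted in front of six separate `*dp++ = ...` stores (the literal-copy path in the first hunk, the '3'/two:/one: digit stores, the `*dp++ = which` store and the '%' case), so any store added to this switch later can silently miss it. Keeping the invariant in one place would be safer, for example a local `#define PUTC(ch) do { if (dp >= &result[MAXRETURNSIZE]) return ("OVERFLOW"); *dp++ = (ch); } while (0)` used at every store. The new return value also deserves a comment at the top of tgoto(), such as `/* Returns "OVERFLOW" if the expanded string would not fit in result[]; callers must not send it to the terminal as a cursor sequence. */`, since a caller that does not check for it will presumably emit the word as output. The function body starts and ends outside these hunks, so any stores into `result` that are not shown should be checked for the same guard.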
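Review bot: In the last hunk the test `dp+strlen(added)+1 > &result[MAXRETURNSIZE]` forms the out-of-range pointer before comparing it, and pointer arithmetic that lands more than one element past the end of `result` is undefined, so a compiler is entitled to treat the comparison as always false. Comparing lengths instead keeps the check well-defined: `if (strlen(added) >= (size_t)(&result[MAXRETURNSIZE] - dp)) return ("OVERFLOW");`. The code that appends to `added` is outside the visible hunks; it is worth confirming those writes are bounded by the size of `added`, because this guard only protects `result` and `strlen(added)` is meaningless if `added` itself has already been overrun.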