diff --git a/src/client/cl_console.c b/src/client/cl_console.c
index 4d754f90..b4d8dff2 100644
--- a/src/client/cl_console.c
+++ b/src/client/cl_console.c
@@ -449,7 +449,7 @@ Con_CenteredPrint(char *text)
 
 	memset(buffer, ' ', l);
 	strcpy(buffer + l, text);
-	strcat(buffer, "\n");
+	Q_strlcat(buffer, "\n", sizeof(buffer));
 	Con_Print(buffer);
 }
 
@@ -704,14 +704,14 @@ Con_DrawConsole(float frac)
 			y = x - i - 11;
 			memcpy(dlbar, text, i);
 			dlbar[i] = 0;
-			strcat(dlbar, "...");
+			Q_strlcat(dlbar, "...", sizeof(dlbar));
 		}
 		else
 		{
 			strcpy(dlbar, text);
 		}
 
-		strcat(dlbar, ": ");
+		Q_strlcat(dlbar, ": ", sizeof(dlbar));
 		i = strlen(dlbar);
 		dlbar[i++] = '\x80';
 
diff --git a/src/client/cl_download.c b/src/client/cl_download.c
index 78bb9409..5eccff64 100644
--- a/src/client/cl_download.c
+++ b/src/client/cl_download.c
@@ -469,7 +469,7 @@ CL_CheckOrDownloadFile(char *filename)
 	   to the real name when done, so if interrupted
 	   a runt file wont be left */
 	COM_StripExtension(cls.downloadname, cls.downloadtempname);
-	strcat(cls.downloadtempname, ".tmp");
+	Q_strlcat(cls.downloadtempname, ".tmp", sizeof(cls.downloadtempname));
 
 	/* check to see if we already have a tmp for this 
 	   file, if so, try to resume and open the file if
@@ -540,7 +540,7 @@ CL_Download_f(void)
 	   to the real name when done, so if interrupted
 	   a runt file wont be left */
 	COM_StripExtension(cls.downloadname, cls.downloadtempname);
-	strcat(cls.downloadtempname, ".tmp");
+	Q_strlcat(cls.downloadtempname, ".tmp", sizeof(cls.downloadtempname));
 
 	MSG_WriteByte(&cls.netchan.message, clc_stringcmd);
 	MSG_WriteString(&cls.netchan.message, va("download %s", cls.downloadname));
diff --git a/src/client/cl_keyboard.c b/src/client/cl_keyboard.c
index 27bd6d7a..5e3ffc07 100644
--- a/src/client/cl_keyboard.c
+++ b/src/client/cl_keyboard.c
@@ -743,11 +743,11 @@ Key_Bind_f(void)
 
 	for (i = 2; i < c; i++)
 	{
-		strcat(cmd, Cmd_Argv(i));
+		Q_strlcat(cmd, Cmd_Argv(i), sizeof(cmd));
 
 		if (i != (c - 1))
 		{
-			strcat(cmd, " ");
+			Q_strlcat(cmd, " ", sizeof(cmd));
 		}
 	}
 
diff --git a/src/client/cl_main.c b/src/client/cl_main.c
index f0f0129d..d21a1e2e 100644
--- a/src/client/cl_main.c
+++ b/src/client/cl_main.c
@@ -277,12 +277,12 @@ CL_Setenv_f(void)
 		int i;
 
 		strcpy(buffer, Cmd_Argv(1));
-		strcat(buffer, "=");
+		Q_strlcat(buffer, "=", sizeof(buffer));
 
 		for (i = 2; i < argc; i++)
 		{
-			strcat(buffer, Cmd_Argv(i));
-			strcat(buffer, " ");
+			Q_strlcat(buffer, Cmd_Argv(i), sizeof(buffer));
+			Q_strlcat(buffer, " ", sizeof(buffer));
 		}
 
 		putenv(buffer);
diff --git a/src/client/cl_network.c b/src/client/cl_network.c
index 0a26880d..bfc9acb3 100644
--- a/src/client/cl_network.c
+++ b/src/client/cl_network.c
@@ -247,15 +247,15 @@ CL_Rcon_f(void)
 
 	NET_Config(true);  /* allow remote */
 
-	strcat(message, "rcon ");
+	Q_strlcat(message, "rcon ", sizeof(message));
 
-	strcat(message, rcon_client_password->string);
-	strcat(message, " ");
+	Q_strlcat(message, rcon_client_password->string, sizeof(message));
+	Q_strlcat(message, " ", sizeof(message));
 
 	for (i = 1; i < Cmd_Argc(); i++)
 	{
-		strcat(message, Cmd_Argv(i));
-		strcat(message, " ");
+		Q_strlcat(message, Cmd_Argv(i), sizeof(message));
+		Q_strlcat(message, " ", sizeof(message));
 	}
 
 	if (cls.state >= ca_connected)
diff --git a/src/client/menu/menu.c b/src/client/menu/menu.c
index 054e283d..dbb28ea6 100644
--- a/src/client/menu/menu.c
+++ b/src/client/menu/menu.c
@@ -549,7 +549,7 @@ M_Main_Draw(void)
 	}
 
 	strcpy(litname, names[m_main_cursor]);
-	strcat(litname, "_sel");
+	Q_strlcat(litname, "_sel", sizeof(litname));
 	re.DrawPic(xoffset, ystart + m_main_cursor * 40 + 13, litname);
 
 	M_DrawCursor(xoffset - 25, ystart + m_main_cursor * 40 + 11,
@@ -3784,7 +3784,7 @@ IconOfSkinExists(char *skin, char **pcxfiles, int npcxfiles)
 
 	strcpy(scratch, skin);
 	*strrchr(scratch, '.') = 0;
-	strcat(scratch, "_i.pcx");
+	Q_strlcat(scratch, "_i.pcx", sizeof(scratch));
 
 	for (i = 0; i < npcxfiles; i++)
 	{
@@ -3862,7 +3862,7 @@ PlayerConfig_ScanDirectories(void)
 
 		/* verify the existence of tris.md2 */
 		strcpy(scratch, dirnames[i]);
-		strcat(scratch, "/tris.md2");
+		Q_strlcat(scratch, "/tris.md2", sizeof(scratch));
 
 		if (!Sys_FindFirst(scratch, 0, SFF_SUBDIR | SFF_HIDDEN | SFF_SYSTEM))
 		{
@@ -3876,7 +3876,7 @@ PlayerConfig_ScanDirectories(void)
 
 		/* verify the existence of at least one pcx skin */
 		strcpy(scratch, dirnames[i]);
-		strcat(scratch, "/*.pcx");
+		Q_strlcat(scratch, "/*.pcx", sizeof(scratch));
 		pcxnames = FS_ListFiles(scratch, &npcxfiles,
 				0, SFF_SUBDIR | SFF_HIDDEN | SFF_SYSTEM);
 
diff --git a/src/common/clientserver.c b/src/common/clientserver.c
index fc8594b0..1c892371 100644
--- a/src/common/clientserver.c
+++ b/src/common/clientserver.c
@@ -89,7 +89,7 @@ Com_Printf(char *fmt, ...)
 			*rd_buffer = 0;
 		}
 
-		strcat(rd_buffer, msg);
+		Q_strlcat(rd_buffer, msg, rd_buffersize);
 		return;
 	}
 
diff --git a/src/common/cmdparser.c b/src/common/cmdparser.c
index 7c4a790d..2e92797b 100644
--- a/src/common/cmdparser.c
+++ b/src/common/cmdparser.c
@@ -460,15 +460,15 @@ Cmd_Alias_f(void)
 
 	for (i = 2; i < c; i++)
 	{
-		strcat(cmd, Cmd_Argv(i));
+		Q_strlcat(cmd, Cmd_Argv(i), sizeof(cmd));
 
 		if (i != (c - 1))
 		{
-			strcat(cmd, " ");
+			Q_strlcat(cmd, " ", sizeof(cmd));
 		}
 	}
 
-	strcat(cmd, "\n");
+	Q_strlcat(cmd, "\n", sizeof(cmd));
 
 	a->value = CopyString(cmd);
 }
diff --git a/src/game/g_cmds.c b/src/game/g_cmds.c
index 37a9d928..720cb2f4 100644
--- a/src/game/g_cmds.c
+++ b/src/game/g_cmds.c
@@ -1096,9 +1096,9 @@ Cmd_Say_f(edict_t *ent, qboolean team, qboolean arg0)
 
 	if (arg0)
 	{
-		strcat(text, gi.argv(0));
-		strcat(text, " ");
-		strcat(text, gi.args());
+		Q_strlcat(text, gi.argv(0), sizeof(text));
+		Q_strlcat(text, " ", sizeof(text));
+		Q_strlcat(text, gi.args(), sizeof(text));
 	}
 	else
 	{
@@ -1110,7 +1110,7 @@ Cmd_Say_f(edict_t *ent, qboolean team, qboolean arg0)
 			p[strlen(p) - 1] = 0;
 		}
 
-		strcat(text, p);
+		Q_strlcat(text, p, sizeof(text));
 	}
 
 	/* don't let text be too long for malicious reasons */
@@ -1119,7 +1119,7 @@ Cmd_Say_f(edict_t *ent, qboolean team, qboolean arg0)
 		text[150] = 0;
 	}
 
-	strcat(text, "\n");
+	Q_strlcat(text, "\n", sizeof(text));
 
 	if (flood_msgs->value)
 	{
@@ -1218,7 +1218,7 @@ Cmd_PlayerList_f(edict_t *ent)
 
 		if (strlen(text) + strlen(st) > sizeof(text) - 50)
 		{
-			Q_strlcat(text, "And more...\n", sizeof(text));
+			strcat(text, "And more...\n");
 			gi.cprintf(ent, PRINT_HIGH, "%s", text);
 			return;
 		}
diff --git a/src/server/sv_cmd.c b/src/server/sv_cmd.c
index dd62499c..645e8c2f 100644
--- a/src/server/sv_cmd.c
+++ b/src/server/sv_cmd.c
@@ -408,7 +408,7 @@ SV_ConSay_f(void)
 		p[strlen(p) - 1] = 0;
 	}
 
-	strcat(text, p);
+	Q_strlcat(text, p, sizeof(text));
 
 	for (j = 0, client = svs.clients; j < maxclients->value; j++, client++)
 	{
diff --git a/src/server/sv_conless.c b/src/server/sv_conless.c
index b7f2dcc2..56dc9639 100644
--- a/src/server/sv_conless.c
+++ b/src/server/sv_conless.c
@@ -368,8 +368,8 @@ SVC_RemoteCommand(void)
 
 		for (i = 2; i < Cmd_Argc(); i++)
 		{
-			strcat(remaining, Cmd_Argv(i));
-			strcat(remaining, " ");
+			Q_strlcat(remaining, Cmd_Argv(i), sizeof(remaining));
+			Q_strlcat(remaining, " ", sizeof(remaining));
 		}
 
 		Cmd_ExecuteString(remaining);
diff --git a/src/server/sv_main.c b/src/server/sv_main.c
index 6b0d0b32..72fe8343 100644
--- a/src/server/sv_main.c
+++ b/src/server/sv_main.c
@@ -95,7 +95,7 @@ SV_StatusString(void)
 	int playerLength;
 
 	strcpy(status, Cvar_Serverinfo());
-	strcat(status, "\n");
+	Q_strlcat(status, "\n", sizeof(status));
 	statusLength = (int)strlen(status);
 
 	for (i = 0; i < maxclients->value; i++)