Buffer overflow

It has lots of sprintf-style formatting for path names.
The destination buffers are typically 128 bytes in size.

It's not protected against overflow, and it needs to take care of security implications of inputting unusually long path names.