diff --git a/harbour/ChangeLog b/harbour/ChangeLog
index de81269506..8e2f087f4a 100644
--- a/harbour/ChangeLog
+++ b/harbour/ChangeLog
@@ -8,6 +8,16 @@ 2008-12-31 13:59 UTC+0100 Foo Bar (foo.bar foobar.org)
 */
+2009-01-25 22:16 UTC+0100 Viktor Szakats (harbour.01 syenar hu)
+ * source/rtl/philes.c
+ ! FWRITE(): Fixed accessing past the string buffer (thus
+ causing potential GPF and a huge security hole) when
+ the passed length is greate than the lenght of the string.
+ Very old bug. In fact CA-Cl*pper suffers from the same
+ problem, and behavior for such case is not documented.
+ Harbour will ignore the length parameter (thus writing
+ the whole passed string), if the length is invalid.
+
 2009-01-25 12:30 UTC+0100 Francesco Saverio Giudice (info/at/fsgiudice.com)
 * harbour/contrib/examples/uhttpd/uhttpd.prg
 + Added hb_Inet*() version
diff --git a/harbour/source/rtl/philes.c b/harbour/source/rtl/philes.c
index 6c1450f68c..6271cc8996 100644
--- a/harbour/source/rtl/philes.c
+++ b/harbour/source/rtl/philes.c
@@ -152,9 +152,18 @@ HB_FUNC( FWRITE )
 if( ISNUM( 1 ) && ISCHAR( 2 ) )
 {
+ ULONG nLen = hb_parclen( 2 );
+
+ if( ISNUM( 3 ) )
+ {
+ ULONG nWrite = ( ULONG ) hb_parnl( 3 );
+ if( nWrite < nLen )
+ nLen = nWrite;
+ }
+
 hb_retnl( hb_fsWriteLarge( hb_numToHandle( hb_parnint( 1 ) ),
 ( BYTE * ) hb_parc( 2 ),
- ISNUM( 3 ) ? ( ULONG ) hb_parnl( 3 ) : hb_parclen( 2 ) ) );
+ nLen ) );
 uiError = hb_fsError();
 }
 else
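Review bot: The clamp in the new `if( nWrite < nLen )` block is the bounds check that keeps hb_fsWriteLarge from reading past the buffer returned by hb_parc( 2 ), but nothing in the philes.c hunk says so; a later reader sees an odd silent truncation of the caller's length rather than the security fix the ChangeLog describes. A comment above `ULONG nWrite = ( ULONG ) hb_parnl( 3 );` would preserve the intent, e.g. `/* Never write more than the string holds: an oversized length is clamped to hb_parclen( 2 ), and a negative one wraps to a large ULONG after the cast and is clamped the same way. */`. The negative-argument wrap is inferred from the unsigned comparison rather than shown in the hunk, so confirm it against hb_parnl's return type before relying on the comment. Because the truncation is silent, the byte count returned through hb_retnl is the caller's only signal that less than the requested length was written, which is worth stating in the FWRITE documentation. FWRITE's body starts before the hunk and its else branch continues past it.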