In my quest to eradicate non-length-limited versions of strcpy and friends, I found a probably buffer overrun bug in iafk.c (and also the other interface files).
In the afk_who() routine, the variable stats is declared to be a 20 byte string. However, as we fill in the various status flags, we add far more than 20 bytes due to all the color codes. I believe this was intended to be a 20 "character position" buffer so that it takes 20 columns in the display, but needs to be more than 20 bytes long since the addition of color.
When I replaced the various strcat's with length limited ones, I found it was being truncated. Since this isn't dynamically allocated, Electric Fence can't catch it, and presumably the unlimited strcat just stomps on whatever is next in memory (most like invis_str).
I'd suggest switching it to an MIL (MAX_INPUT_LENGTH) buffer size. I hope to provide Samson with a patch soon to nail down many of the potentials like this, but testing takes time, and I figured this might actually stop a crash or two somewhere out there.