diff --git a/libhdf5/hdf5var.c b/libhdf5/hdf5var.c
index 0a1273250b..7b06e738dc 100644
--- a/libhdf5/hdf5var.c
+++ b/libhdf5/hdf5var.c
@@ -121,11 +121,12 @@ give_var_secret_name(NC_VAR_INFO_T *var, const char *name)
      * clash. */
     if (strlen(name) + strlen(NON_COORD_PREPEND) > NC_MAX_NAME)
         return NC_EMAXNAME;
-    if (!(var->alt_name = malloc((strlen(NON_COORD_PREPEND) +
-                                   strlen(name) + 1) * sizeof(char))))
+    size_t alt_name_size = (strlen(NON_COORD_PREPEND) + strlen(name) + 1) *
+                           sizeof(char);
+    if (!(var->alt_name = malloc(alt_name_size)))
         return NC_ENOMEM;
 
-    sprintf(var->alt_name, "%s%s", NON_COORD_PREPEND, name);
+    snprintf(var->alt_name, alt_name_size, "%s%s", NON_COORD_PREPEND, name);
 
     return NC_NOERR;
 }
diff --git a/libnczarr/zvar.c b/libnczarr/zvar.c
index aad9aba97b..21c18fde9c 100644
--- a/libnczarr/zvar.c
+++ b/libnczarr/zvar.c
@@ -243,11 +243,12 @@ give_var_secret_name(NC_VAR_INFO_T *var, const char *name)
      * clash. */
     if (strlen(name) + strlen(NON_COORD_PREPEND) > NC_MAX_NAME)
 	return NC_EMAXNAME;
-    if (!(var->ncz_name = malloc((strlen(NON_COORD_PREPEND) +
-				   strlen(name) + 1) * sizeof(char))))
+	size_t ncz_name_size = (strlen(NON_COORD_PREPEND) + strlen(name) + 1) *
+	                       sizeof(char);
+    if (!(var->ncz_name = malloc(ncz_name_size)))
 	return NC_ENOMEM;
 
-    sprintf(var->ncz_name, "%s%s", NON_COORD_PREPEND, name);
+    snprintf(var->ncz_name, ncz_name_size, "%s%s", NON_COORD_PREPEND, name);
 
     return NC_NOERR;
 }
diff --git a/nc_test/tst_def_var_fill.c b/nc_test/tst_def_var_fill.c
index 5c32485420..425d563c8a 100644
--- a/nc_test/tst_def_var_fill.c
+++ b/nc_test/tst_def_var_fill.c
@@ -46,8 +46,9 @@ int main(int argc, char** argv) {
     if (argc == 2) snprintf(filename, 256, "%s", argv[1]);
     else           strcpy(filename, "tst_def_var_fill.nc");
 
-    char *cmd_str = (char*)malloc(strlen(argv[0]) + 256);
-    sprintf(cmd_str, "*** TESTING C   %s for def_var_fill ", argv[0]);
+    size_t cmd_str_len = strlen(argv[0]) + 256;
+    char *cmd_str = (char*)malloc(cmd_str_len);
+    snprintf(cmd_str, cmd_str_len, "*** TESTING C   %s for def_var_fill ", argv[0]);
     printf("%-66s ------ ", cmd_str); fflush(stdout);
     free(cmd_str);
 
diff --git a/ncdump/dumplib.c b/ncdump/dumplib.c
index 03fe3b278e..b157937d16 100644
--- a/ncdump/dumplib.c
+++ b/ncdump/dumplib.c
@@ -1034,7 +1034,8 @@ chars_tostring(
 {
     long iel;
     const char *sp;
-    char *sout = (char *)emalloc(4*len + 5); /* max len of string */
+    size_t sout_size = 4*len + 5; /* max len of string */
+    char *sout = (char *)emalloc(sout_size);
     char *cp = sout;
     *cp++ = '"';
 
@@ -1061,7 +1062,8 @@ chars_tostring(
 	    if (isprint(uc))
 		*cp++ = *(char *)&uc; /* just copy, even if char is signed */
 	    else {
-		sprintf(cp,"\\%.3o",uc);
+	    size_t remaining = sout_size - (cp - sout);
+		snprintf(cp,remaining,"\\%.3o",uc);
 		cp += 4;
 	    }
 	    break;
diff --git a/ncgen/util.c b/ncgen/util.c
index 108fff0440..589582c611 100644
--- a/ncgen/util.c
+++ b/ncgen/util.c
@@ -174,8 +174,9 @@ nctypename(nc_type nctype)
 	return nctypenamesextend[(nctype - NC_GRP)];
     if(nctype == NC_FILLVALUE) return "NC_FILL";
     if(nctype == NC_NIL) return "NC_NIL";
-    s = poolalloc(128);
-    sprintf(s,"NC_<%d>",nctype);
+    const size_t s_size = 128;
+    s = poolalloc(s_size);
+    snprintf(s,s_size,"NC_<%d>",nctype);
     return s;
 }
 
@@ -195,8 +196,9 @@ ncclassname(nc_class ncc)
     if(ncc == NC_FILLVALUE) return "NC_FILL";
     if(ncc >= NC_GRP && ncc <= NC_PRIM)
 	return ncclassnames[ncc - NC_GRP];
-    s = poolalloc(128);
-    sprintf(s,"NC_<%d>",ncc);
+    const size_t s_size = 128;
+    s = poolalloc(s_size);
+    snprintf(s,s_size,"NC_<%d>",ncc);
     return s;
 }
 
diff --git a/ncgen3/genlib.c b/ncgen3/genlib.c
index ead98b08df..9c9f987c6f 100644
--- a/ncgen3/genlib.c
+++ b/ncgen3/genlib.c
@@ -129,6 +129,7 @@ cstring(
     int *intp;
     float *floatp;
     double *doublep;
+    size_t cp_size;
 
     switch (type) {
       case NC_CHAR:
@@ -162,34 +163,39 @@ cstring(
 	return sp;
 	
       case NC_BYTE:
-	cp = (char *) emalloc (7);
+    cp_size = 7;
+	cp = (char *) emalloc (cp_size);
 	bytep = (signed char *)valp;
 	/* Need to convert '\377' to -1, for example, on all platforms */
-	(void) sprintf(cp,"%d", (signed char) *(bytep+num));
+	(void) snprintf(cp,cp_size,"%d", (signed char) *(bytep+num));
 	return cp;
 
       case NC_SHORT:
-	cp = (char *) emalloc (10);
+    cp_size = 10;
+	cp = (char *) emalloc (cp_size);
 	shortp = (short *)valp;
-	(void) sprintf(cp,"%d",* (shortp + num));
+	(void) snprintf(cp,cp_size,"%d",* (shortp + num));
 	return cp;
 
       case NC_INT:
-	cp = (char *) emalloc (20);
+    cp_size = 20;
+	cp = (char *) emalloc (cp_size);
 	intp = (int *)valp;
-	(void) sprintf(cp,"%d",* (intp + num));
+	(void) snprintf(cp,cp_size,"%d",* (intp + num));
 	return cp;
 
       case NC_FLOAT:
-	cp = (char *) emalloc (20);
+    cp_size = 20;
+	cp = (char *) emalloc (cp_size);
 	floatp = (float *)valp;
-	(void) sprintf(cp,"%.8g",* (floatp + num));
+	(void) snprintf(cp,cp_size,"%.8g",* (floatp + num));
 	return cp;
 
       case NC_DOUBLE:
-	cp = (char *) emalloc (20);
+    cp_size = 20;
+	cp = (char *) emalloc (cp_size);
 	doublep = (double *)valp;
-	(void) sprintf(cp,"%.16g",* (doublep + num));
+	(void) snprintf(cp,cp_size,"%.16g",* (doublep + num));
 	return cp;
 
       default:
@@ -1046,36 +1052,42 @@ fstring(
     int *intp;
     float *floatp;
     double *doublep;
+    size_t cp_size;
 
     switch (type) {
       case NC_BYTE:
-	cp = (char *) emalloc (10);
+    cp_size = 10;
+	cp = (char *) emalloc (cp_size);
 	schp = (signed char *)valp;
-        sprintf(cp,"%d", schp[num]);
+        snprintf(cp,cp_size,"%d", schp[num]);
 	return cp;
 
       case NC_SHORT:
-	cp = (char *) emalloc (10);
+    cp_size = 10;
+	cp = (char *) emalloc (cp_size);
 	shortp = (short *)valp;
-	(void) sprintf(cp,"%d",* (shortp + num));
+	(void) snprintf(cp,cp_size,"%d",* (shortp + num));
 	return cp;
 
       case NC_INT:
-	cp = (char *) emalloc (20);
+    cp_size = 20;
+	cp = (char *) emalloc (cp_size);
 	intp = (int *)valp;
-	(void) sprintf(cp,"%d",* (intp + num));
+	(void) snprintf(cp,cp_size,"%d",* (intp + num));
 	return cp;
 
       case NC_FLOAT:
-	cp = (char *) emalloc (20);
+    cp_size = 20;
+	cp = (char *) emalloc (cp_size);
 	floatp = (float *)valp;
-	(void) sprintf(cp,"%.8g",* (floatp + num));
+	(void) snprintf(cp,cp_size,"%.8g",* (floatp + num));
 	return cp;
 
       case NC_DOUBLE:
-	cp = (char *) emalloc (25);
+    cp_size = 25;
+	cp = (char *) emalloc (cp_size);
 	doublep = (double *)valp;
-	(void) sprintf(cp,"%.16g",* (doublep + num));
+	(void) snprintf(cp,cp_size,"%.16g",* (doublep + num));
 	expe2d(cp);	/* change 'e' to 'd' in exponent */
 	return cp;