diff --git a/channeld/full_channel.c b/channeld/full_channel.c
index 48348d1cf..e8b395a41 100644
--- a/channeld/full_channel.c
+++ b/channeld/full_channel.c
@@ -1082,7 +1082,7 @@ const char *channel_add_err_name(enum channel_add_err e)
 		if (enum_channel_add_err_names[i].v == e)
 			return enum_channel_add_err_names[i].name;
 	}
-	sprintf(invalidbuf, "INVALID %i", e);
+	snprintf(invalidbuf, sizeof(invalidbuf), "INVALID %i", e);
 	return invalidbuf;
 }
 
@@ -1094,6 +1094,6 @@ const char *channel_remove_err_name(enum channel_remove_err e)
 		if (enum_channel_remove_err_names[i].v == e)
 			return enum_channel_remove_err_names[i].name;
 	}
-	sprintf(invalidbuf, "INVALID %i", e);
+	snprintf(invalidbuf, sizeof(invalidbuf), "INVALID %i", e);
 	return invalidbuf;
 }
diff --git a/cli/lightning-cli.c b/cli/lightning-cli.c
index 1c791b3f3..fd73ef1d3 100644
--- a/cli/lightning-cli.c
+++ b/cli/lightning-cli.c
@@ -232,7 +232,7 @@ int main(int argc, char *argv[])
 	 * not need to have lightningd running in this case. */
 	if (streq(method, "help") && format == HUMAN && argc >= 3) {
 		char command[strlen(argv[2]) + sizeof("lightning-")];
-		sprintf(command, "lightning-%s", argv[2]);
+		snprintf(command, sizeof(command), "lightning-%s", argv[2]);
 		exec_man(command);
 	}
 
diff --git a/common/json_escaped.c b/common/json_escaped.c
index 4734c3d87..0780bccc7 100644
--- a/common/json_escaped.c
+++ b/common/json_escaped.c
@@ -89,7 +89,7 @@ static struct json_escaped *escape(const tal_t *ctx,
 			break;
 		default:
 			if ((unsigned)str[i] < ' ' || str[i] == 127) {
-				sprintf(esc->s + n, "\\u%04X", str[i]);
+				snprintf(esc->s + n, 7, "\\u%04X", str[i]);
 				n += 5;
 				continue;
 			}
diff --git a/lightningd/bitcoind.c b/lightningd/bitcoind.c
index 2be075537..6d3781c7a 100644
--- a/lightningd/bitcoind.c
+++ b/lightningd/bitcoind.c
@@ -350,7 +350,7 @@ static void do_one_estimatefee(struct bitcoind *bitcoind,
 {
 	char blockstr[STR_MAX_CHARS(u32)];
 
-	sprintf(blockstr, "%u", efee->blocks[efee->i]);
+	snprintf(blockstr, sizeof(blockstr), "%u", efee->blocks[efee->i]);
 	start_bitcoin_cli(bitcoind, NULL, process_estimatefee, false, NULL, efee,
 			  "estimatesmartfee", blockstr, efee->estmode[efee->i],
 			  NULL);
@@ -682,7 +682,7 @@ void bitcoind_getblockhash_(struct bitcoind *bitcoind,
 			    void *arg)
 {
 	char str[STR_MAX_CHARS(height)];
-	sprintf(str, "%u", height);
+	snprintf(str, sizeof(str), "%u", height);
 
 	start_bitcoin_cli(bitcoind, NULL, process_getblockhash, true, cb, arg,
 			  "getblockhash", str, NULL);
diff --git a/lightningd/log.c b/lightningd/log.c
index 0f6d9287e..8a382fbdd 100644
--- a/lightningd/log.c
+++ b/lightningd/log.c
@@ -360,12 +360,12 @@ static void log_one_line(unsigned int skipped,
 	char buf[101];
 
 	if (skipped) {
-		sprintf(buf, "%s... %u skipped...", data->prefix, skipped);
+		snprintf(buf, sizeof(buf), "%s... %u skipped...", data->prefix, skipped);
 		write_all(data->fd, buf, strlen(buf));
 		data->prefix = "\n";
 	}
 
-	sprintf(buf, "%s+%lu.%09u %s%s: ",
+	snprintf(buf, sizeof(buf), "%s+%lu.%09u %s%s: ",
 		data->prefix,
 		(unsigned long)diff.ts.tv_sec,
 		(unsigned)diff.ts.tv_nsec,
@@ -501,7 +501,7 @@ static void log_dump_to_file(int fd, const struct log_book *lr)
 	}
 
 	start = lr->init_time.ts.tv_sec;
-	len = sprintf(buf, "%zu bytes, %s", lr->mem_used, ctime(&start));
+	len = snprintf(buf, sizeof(buf), "%zu bytes, %s", lr->mem_used, ctime(&start));
 	write_all(fd, buf, len);
 
 	/* ctime includes \n... WTF? */
@@ -579,7 +579,7 @@ static void json_add_time(struct json_result *result, const char *fieldname,
 {
 	char timebuf[100];
 
-	sprintf(timebuf, "%lu.%09u",
+	snprintf(timebuf, sizeof(timebuf), "%lu.%09u",
 		(unsigned long)ts.tv_sec,
 		(unsigned)ts.tv_nsec);
 	json_add_string(result, fieldname, timebuf);
diff --git a/lightningd/memdump.c b/lightningd/memdump.c
index e886edb83..1e3b72810 100644
--- a/lightningd/memdump.c
+++ b/lightningd/memdump.c
@@ -15,7 +15,7 @@ static void json_add_ptr(struct json_result *response, const char *name,
 			 const void *ptr)
 {
 	char ptrstr[STR_MAX_CHARS(void *)];
-	sprintf(ptrstr, "%p", ptr);
+	snprintf(ptrstr, sizeof(ptrstr), "%p", ptr);
 	json_add_string(response, name, ptrstr);
 }
 
diff --git a/tools/generate-wire.py b/tools/generate-wire.py
index 471fbb6be..4355810ce 100755
--- a/tools/generate-wire.py
+++ b/tools/generate-wire.py
@@ -703,7 +703,7 @@ const char *{enumname}_name(int e)
 \t{cases}
 \t}}
 
-\tsprintf(invalidbuf, "INVALID %i", e);
+\tsnprintf(invalidbuf, sizeof(invalidbuf), "INVALID %i", e);
 \treturn invalidbuf;
 }}