diff --git a/src/ext_smi.c b/src/ext_smi.c
index 870f4ccb7..ef032bf8f 100644
--- a/src/ext_smi.c
+++ b/src/ext_smi.c
@@ -7,9 +7,9 @@
 int hc_nvidia_smi (int dev, int *temperature, int *gpu)
 {
- char cmd[256]; memset (cmd, 0, sizeof (cmd));
+ char cmd[256] = { 0 };
- sprintf (cmd, "nvidia-smi -q -g %d", dev);
+ snprintf (cmd, sizeof (cmd) - 1, "nvidia-smi -q -g %d", dev);
 FILE *fp = popen (cmd, "r");
diff --git a/src/oclHashcat.c b/src/oclHashcat.c
index 4da285c9c..fd474f091 100644
--- a/src/oclHashcat.c
+++ b/src/oclHashcat.c
@@ -12690,16 +12690,11 @@ int main (int argc, char **argv)
 snprintf (device_name_chksum, INFOSZ - 1, "%u-%u-%u-%s-%s-%s-%u", 32, device_param->vendor_id, device_param->vector_width, device_param->device_name, device_param->device_version, device_param->driver_version, COMPTIME);
 #endif
- uint device_name_digest[4];
-
- device_name_digest[0] = 0;
- device_name_digest[1] = 0;
- device_name_digest[2] = 0;
- device_name_digest[3] = 0;
+ uint device_name_digest[4] = { 0 };
 md5_64 ((uint *) device_name_chksum, device_name_digest);
- sprintf (device_name_chksum, "%08x", device_name_digest[0]);
+ snprintf (device_name_chksum, INFOSZ - 1, "%08x", device_name_digest[0]);
 device_param->device_name_chksum = device_name_chksum;
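Review bot: In hc_nvidia_smi (src/ext_smi.c) the bound passed to snprintf is `sizeof (cmd) - 1`, but snprintf already counts the terminating NUL inside the size it is given, so the subtraction only leaves the last byte of the buffer unused. Passing the real size, `snprintf (cmd, sizeof (cmd), "nvidia-smi -q -g %d", dev);`, is the conventional form and keeps a single size convention across the patch. The same applies to `build_opts` and `INFOSZ - 1` in src/oclHashcat.c and to `tmp` in get_exec_path in src/shared.c. The body of hc_nvidia_smi continues past the end of the hunk.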
@@ -13483,11 +13478,11 @@ int main (int argc, char **argv)
 * default building options
 */
- char build_opts[1024];
+ char build_opts[1024] = { 0 };
 // we don't have sm_* on vendors not NV but it doesn't matter
- sprintf (build_opts, "-I%s/ -DVENDOR_ID=%d -DCUDA_ARCH=%d -DVECT_SIZE=%u -DDEVICE_TYPE=%u", shared_dir, device_param->vendor_id, (device_param->sm_major * 100) + device_param->sm_minor, device_param->vector_width, (u32) device_param->device_type);
+ snprintf (build_opts, sizeof (build_opts) - 1, "-I%s/ -DVENDOR_ID=%d -DCUDA_ARCH=%d -DVECT_SIZE=%u -DDEVICE_TYPE=%u", shared_dir, device_param->vendor_id, (device_param->sm_major * 100) + device_param->sm_minor, device_param->vector_width, (u32) device_param->device_type);
 /**
 * main kernel
@@ -13581,11 +13576,11 @@ int main (int argc, char **argv)
 if (force_jit_compilation == 1500)
 {
- sprintf (build_opts, "%s -DDESCRYPT_SALT=%d", build_opts, data.salts_buf[0].salt_buf[0]);
+ snprintf (build_opts, sizeof (build_opts) - 1, "%s -DDESCRYPT_SALT=%d", build_opts, data.salts_buf[0].salt_buf[0]);
 }
 else if (force_jit_compilation == 8900)
 {
- sprintf (build_opts, "%s -DSCRYPT_N=%d -DSCRYPT_R=%d -DSCRYPT_P=%d -DSCRYPT_TMTO=%d", build_opts, data.salts_buf[0].scrypt_N, data.salts_buf[0].scrypt_r, data.salts_buf[0].scrypt_p, 1 << data.salts_buf[0].scrypt_tmto);
+ snprintf (build_opts, sizeof (build_opts) - 1, "%s -DSCRYPT_N=%d -DSCRYPT_R=%d -DSCRYPT_P=%d -DSCRYPT_TMTO=%d", build_opts, data.salts_buf[0].scrypt_N, data.salts_buf[0].scrypt_r, data.salts_buf[0].scrypt_p, 1 << data.salts_buf[0].scrypt_tmto);
 }
 hc_clBuildProgram (device_param->program, 1, &device_param->device, build_opts, NULL, NULL);
diff --git a/src/shared.c b/src/shared.c
index 6af7ca815..c433b7b33 100644
--- a/src/shared.c
+++ b/src/shared.c
@@ -2607,7 +2607,7 @@ char *logfile_generate_topid ()
 char *topid = (char *) mymalloc (1 + 16 + 1);
- sprintf (topid, "TOP%08x", id);
+ snprintf (topid, 1 + 16, "TOP%08x", id);
 return topid;
 }
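Review bot: In the `@@ -13483` hunk of src/oclHashcat.c the new snprintf into `build_opts` discards its return value, so a long `shared_dir` is now silently truncated instead of overflowing the buffer. A truncated string could lose the end of the include path or the `-D` defines that follow it, and would still be passed to hc_clBuildProgram (visible in the next hunk). Keep the result and reject truncation, e.g. `const int n = snprintf (build_opts, sizeof (build_opts), ...);` followed by `if (n < 0 || (size_t) n >= sizeof (build_opts)) { /* report and stop */ }`. This code sits inside main, which starts and ends outside the hunk.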
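Review bot: In the `@@ -13581` hunk of src/oclHashcat.c both new snprintf calls pass `build_opts` as the destination and as the `%s` argument, and the C standard leaves the behaviour undefined when the source and destination of snprintf overlap. An implementation may reset the destination before formatting, which would drop the options assembled earlier and hand the kernel compiler only the appended define. Append at the current end instead: `const size_t used = strlen (build_opts);` then `snprintf (build_opts + used, sizeof (build_opts) - used, " -DDESCRYPT_SALT=%d", data.salts_buf[0].salt_buf[0]);`, with the 8900 branch taking the same form. The enclosing main starts and ends outside the hunk.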
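Review bot: In logfile_generate_topid (src/shared.c) the bound `1 + 16` is written separately from the allocation size `1 + 16 + 1`, so the two literals can drift apart when either is edited. Assuming `id` is a 32-bit value the output is 11 characters plus the NUL, so nothing overflows today. A single named size used for both calls would make the relationship explicit, e.g. `const size_t topid_size = 1 + 16 + 1;` with `snprintf (topid, topid_size, "TOP%08x", id);`. logfile_generate_subid in the following hunk repeats the same pair of literals; the start of both functions is outside their hunks.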
@@ -2618,7 +2618,7 @@ char *logfile_generate_subid ()
 char *subid = (char *) mymalloc (1 + 16 + 1);
- sprintf (subid, "SUB%08x", id);
+ snprintf (subid, 1 + 16, "SUB%08x", id);
 return subid;
 }
@@ -4130,9 +4130,9 @@ char *get_exec_path ()
 #ifdef LINUX
- char tmp[32];
+ char tmp[32] = { 0 };
- sprintf (tmp, "/proc/%d/exe", getpid ());
+ snprintf (tmp, sizeof (tmp) - 1, "/proc/%d/exe", getpid ());
 const int len = readlink (tmp, exec_path, exec_path_len - 1);
@@ -4188,9 +4188,11 @@ char *get_profile_dir (const char *homedir)
 {
 #define DOT_HASHCAT ".hashcat"
- char *profile_dir = (char *) mymalloc (strlen (homedir) + 1 + strlen (DOT_HASHCAT) + 1);
+ size_t len = strlen (homedir) + 1 + strlen (DOT_HASHCAT);
- sprintf (profile_dir, "%s/%s", homedir, DOT_HASHCAT);
+ char *profile_dir = (char *) mymalloc (len + 1);
+
+ snprintf (profile_dir, len, "%s/%s", homedir, DOT_HASHCAT);
 return profile_dir;
 }
@@ -4199,9 +4201,11 @@ char *get_session_dir (const char *profile_dir)
 {
 #define SESSIONS_FOLDER "sessions"
- char *session_dir = (char *) mymalloc (strlen (profile_dir) + 1 + strlen (SESSIONS_FOLDER) + 1);
+ size_t len = strlen (profile_dir) + 1 + strlen (SESSIONS_FOLDER);
+
+ char *session_dir = (char *) mymalloc (len + 1);
- sprintf (session_dir, "%s/%s", profile_dir, SESSIONS_FOLDER);
+ snprintf (session_dir, len, "%s/%s", profile_dir, SESSIONS_FOLDER);
 return session_dir;
 }
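Review bot: In get_profile_dir (src/shared.c) the call `snprintf (profile_dir, len, ...)` cuts off the last character of the path. `len` is the string length without the terminator and snprintf writes at most `len - 1` characters before the NUL, so the result ends in `.hashca`. The buffer is allocated as `len + 1`, so the call should pass that size: `snprintf (profile_dir, len + 1, "%s/%s", homedir, DOT_HASHCAT);`. get_session_dir in the next hunk has the same off-by-one and would return a path ending in `session`; it needs `snprintf (session_dir, len + 1, "%s/%s", profile_dir, SESSIONS_FOLDER);`.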