diff --git a/lldb/source/Core/SourceManager.cpp b/lldb/source/Core/SourceManager.cpp
--- a/lldb/source/Core/SourceManager.cpp
+++ b/lldb/source/Core/SourceManager.cpp
@@ -205,7 +205,8 @@
       }
 
       char buffer[3];
-      sprintf(buffer, "%2.2s", (line == curr_line) ? current_line_cstr : "");
+      snprintf(buffer, sizeof(buffer), "%2.2s",
+               (line == curr_line) ? current_line_cstr : "");
       std::string current_line_highlight(buffer);
 
       auto debugger_sp = m_debugger_wp.lock();
diff --git a/lldb/source/DataFormatters/StringPrinter.cpp b/lldb/source/DataFormatters/StringPrinter.cpp
--- a/lldb/source/DataFormatters/StringPrinter.cpp
+++ b/lldb/source/DataFormatters/StringPrinter.cpp
@@ -154,11 +154,11 @@
   switch (escape_style) {
   case StringPrinter::EscapeStyle::CXX:
     // Prints 4 characters, then a \0 terminator.
-    escaped_len = sprintf((char *)data, "\\x%02x", *buffer);
+    escaped_len = snprintf((char *)data, max_buffer_size, "\\x%02x", *buffer);
     break;
   case StringPrinter::EscapeStyle::Swift:
     // Prints up to 6 characters, then a \0 terminator.
-    escaped_len = sprintf((char *)data, "\\u{%x}", *buffer);
+    escaped_len = snprintf((char *)data, max_buffer_size, "\\u{%x}", *buffer);
     break;
   }
   lldbassert(escaped_len > 0 && "unknown string escape style");
@@ -201,11 +201,11 @@
   switch (escape_style) {
   case StringPrinter::EscapeStyle::CXX:
     // Prints 10 characters, then a \0 terminator.
-    escaped_len = sprintf((char *)data, "\\U%08x", codepoint);
+    escaped_len = snprintf((char *)data, max_buffer_size, "\\U%08x", codepoint);
     break;
   case StringPrinter::EscapeStyle::Swift:
     // Prints up to 12 characters, then a \0 terminator.
-    escaped_len = sprintf((char *)data, "\\u{%x}", codepoint);
+    escaped_len = snprintf((char *)data, max_buffer_size, "\\u{%x}", codepoint);
     break;
   }
   lldbassert(escaped_len > 0 && "unknown string escape style");
diff --git a/lldb/source/Host/macosx/objcxx/Host.mm b/lldb/source/Host/macosx/objcxx/Host.mm
--- a/lldb/source/Host/macosx/objcxx/Host.mm
+++ b/lldb/source/Host/macosx/objcxx/Host.mm
@@ -719,12 +719,12 @@
                                 const Args &args) {
   size_t count = args.GetArgumentCount();
   char buf[50]; // long enough for 'argXXX'
-  memset(buf, 0, 50);
-  sprintf(buf, "%sCount", prefix);
+  memset(buf, 0, sizeof(buf));
+  snprintf(buf, sizeof(buf), "%sCount", prefix);
   xpc_dictionary_set_int64(message, buf, count);
   for (size_t i = 0; i < count; i++) {
-    memset(buf, 0, 50);
-    sprintf(buf, "%s%zi", prefix, i);
+    memset(buf, 0, sizeof(buf));
+    snprintf(buf, sizeof(buf), "%s%zi", prefix, i);
     xpc_dictionary_set_string(message, buf, args.GetArgumentAtIndex(i));
   }
 }