diff --git a/driver.c b/driver.c
--- a/driver.c
+++ b/driver.c
@@ -206,18 +206,18 @@ int GetDriverParamInt(const char* const*
 }
 
 
-char *GetDriverList(char* p)
+char *GetDriverList(char* p, const char *last)
 {
 	const DriverClass* dc;
 
 	for (dc = _driver_classes; dc != endof(_driver_classes); dc++) {
 		const DriverDesc* dd;
 
-		p += sprintf(p, "List of %s drivers:\n", dc->name);
+		p += snprintf(p, last - p, "List of %s drivers:\n", dc->name);
 		for (dd = dc->descs; dd->name != NULL; dd++) {
-			p += sprintf(p, "%10s: %s\n", dd->name, dd->longname);
+			p += snprintf(p, last - p, "%10s: %s\n", dd->name, dd->longname);
 		}
-		p += sprintf(p, "\n");
+		p = strecpy(p, "\n", last);
 	}
 
 	return p;
diff --git a/driver.h b/driver.h
--- a/driver.h
+++ b/driver.h
@@ -8,6 +8,6 @@ void LoadDriver(int driver, const char *
 bool GetDriverParamBool(const char* const* parm, const char* name);
 int GetDriverParamInt(const char* const* parm, const char* name, int def);
 
-char *GetDriverList(char* p);
+char *GetDriverList(char *p, const char *last);
 
 #endif /* DRIVER_H */
diff --git a/fileio.c b/fileio.c
--- a/fileio.c
+++ b/fileio.c
@@ -117,7 +117,7 @@ FILE *FioFOpenFile(const char *filename)
 	FILE *f;
 	char buf[MAX_PATH];
 
-	sprintf(buf, "%s%s", _path.data_dir, filename);
+	snprintf(buf, lengthof(buf), "%s%s", _path.data_dir, filename);
 
 	f = fopen(buf, "rb");
 #if !defined(WIN32)
@@ -128,7 +128,7 @@ FILE *FioFOpenFile(const char *filename)
 #if defined SECOND_DATA_DIR
 		// tries in the 2nd data directory
 		if (f == NULL) {
-			sprintf(buf, "%s%s", _path.second_data_dir, filename);
+			snprintf(buf, lengthof(buf), "%s%s", _path.second_data_dir, filename);
 			strtolower(buf + strlen(_path.second_data_dir) - 1);
 			f = fopen(buf, "rb");
 		}
diff --git a/gfxinit.c b/gfxinit.c
--- a/gfxinit.c
+++ b/gfxinit.c
@@ -111,7 +111,7 @@ static bool FileMD5(const MD5File file, 
 	char buf[MAX_PATH];
 
 	// open file
-	sprintf(buf, "%s%s", _path.data_dir, file.filename);
+	snprintf(buf, lengthof(buf), "%s%s", _path.data_dir, file.filename);
 	f = fopen(buf, "rb");
 
 #if !defined(WIN32)
diff --git a/map.c b/map.c
--- a/map.c
+++ b/map.c
@@ -67,7 +67,7 @@ TileIndex TileAdd(TileIndex tile, TileIn
 	if (x >= MapSizeX() || y >= MapSizeY()) {
 		char buf[512];
 
-		sprintf(buf, "TILE_ADD(%s) when adding 0x%.4X and 0x%.4X failed",
+		snprintf(buf, lengthof(buf), "TILE_ADD(%s) when adding 0x%.4X and 0x%.4X failed",
 			exp, tile, add);
 #if !defined(_MSC_VER)
 		fprintf(stderr, "%s:%d %s\n", file, line, buf);
diff --git a/network_client.c b/network_client.c
--- a/network_client.c
+++ b/network_client.c
@@ -457,7 +457,7 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER
 	// First packet, init some stuff
 	if (maptype == MAP_PACKET_START) {
 		// The name for the temp-map
-		sprintf(filename, "%s%snetwork_client.tmp",  _path.autosave_dir, PATHSEP);
+		snprintf(filename, lengthof(filename), "%s%snetwork_client.tmp",  _path.autosave_dir, PATHSEP);
 
 		file_pointer = fopen(filename, "wb");
 		if (file_pointer == NULL) {
diff --git a/network_server.c b/network_server.c
--- a/network_server.c
+++ b/network_server.c
@@ -281,7 +281,7 @@ DEF_SERVER_SEND_COMMAND(PACKET_SERVER_MA
 		Packet *p;
 
 		// Make a dump of the current game
-		sprintf(filename, "%s%snetwork_server.tmp",  _path.autosave_dir, PATHSEP);
+		snprintf(filename, lengthof(filename), "%s%snetwork_server.tmp",  _path.autosave_dir, PATHSEP);
 		if (SaveOrLoad(filename, SL_SAVE) != SL_OK) error("network savedump failed");
 
 		file_pointer = fopen(filename, "rb");
diff --git a/openttd.c b/openttd.c
--- a/openttd.c
+++ b/openttd.c
@@ -78,7 +78,7 @@ void CDECL error(const char *s, ...)
 	char buf[512];
 
 	va_start(va, s);
-	vsprintf(buf, s, va);
+	vsnprintf(buf, lengthof(buf), s, va);
 	va_end(va);
 
 	ShowOSErrorBox(buf);
@@ -93,7 +93,7 @@ void CDECL ShowInfoF(const char *str, ..
 	va_list va;
 	char buf[1024];
 	va_start(va, str);
-	vsprintf(buf, str, va);
+	vsnprintf(buf, lengthof(buf), str, va);
 	va_end(va);
 	ShowInfo(buf);
 }
@@ -132,10 +132,10 @@ static void showhelp(void)
 	extern const char _openttd_revision[];
 	char buf[4096], *p;
 
-	p    = buf;
+	p = buf;
 
-	p += sprintf(p, "OpenTTD %s\n", _openttd_revision);
-	p += sprintf(p,
+	p += snprintf(p, lengthof(buf), "OpenTTD %s\n", _openttd_revision);
+	p = strecpy(p,
 		"\n"
 		"\n"
 		"Command line options:\n"
@@ -157,10 +157,11 @@ static void showhelp(void)
 		"  -i                  = Force to use the DOS palette\n"
 		"                          (use this if you see a lot of pink)\n"
 		"  -c config_file      = Use 'config_file' instead of 'openttd.cfg'\n"
-		"\n"
+		"\n",
+		lastof(buf)
 	);
 
-	p = GetDriverList(p);
+	p = GetDriverList(p, lastof(buf));
 
 	ShowInfo(buf);
 }
@@ -286,10 +287,10 @@ static void LoadIntroGame(void)
 	SetupColorsAndInitialWindow();
 
 	// Generate a world.
-	sprintf(filename, "%sopntitle.dat",  _path.data_dir);
+	snprintf(filename, lengthof(filename), "%sopntitle.dat",  _path.data_dir);
 #if defined SECOND_DATA_DIR
 	if (SaveOrLoad(filename, SL_LOAD) != SL_OK) {
-		sprintf(filename, "%sopntitle.dat",  _path.second_data_dir);
+		snprintf(filename, lengthof(filename), "%sopntitle.dat",  _path.second_data_dir);
 	}
 #endif
 	if (SaveOrLoad(filename, SL_LOAD) != SL_OK) {