diff --git a/Demo/pysvr/pysvr.c b/Demo/pysvr/pysvr.c
index 99d7b07..50a122c 100644
--- a/Demo/pysvr/pysvr.c
+++ b/Demo/pysvr/pysvr.c
@@ -25,7 +25,7 @@
    Python.h defines a typedef destructor, which conflicts with pthread.h.
    So Python.h must be included after pthread.h. */
 
-#include <Python.h>
+#include "Python.h"
 
 extern int Py_VerboseFlag;
 
@@ -364,6 +364,7 @@
 ps(void)
 {
 	char buffer[100];
-	sprintf(buffer, "ps -l -p %d </dev/null | tail +2l\n", getpid());
+	PyOS_snprintf(buffer, sizeof(buffer),
+		      "ps -l -p %d </dev/null | tail +2l\n", getpid());
 	system(buffer);
 }
diff --git a/Modules/_hotshot.c b/Modules/_hotshot.c
index 3b8d616..deaf9dd 100644
--- a/Modules/_hotshot.c
+++ b/Modules/_hotshot.c
@@ -2,11 +2,11 @@
  * This is the High Performance Python Profiler portion of HotShot.
  */
 
-#include <Python.h>
-#include <compile.h>
-#include <eval.h>
-#include <frameobject.h>
-#include <structmember.h>
+#include "Python.h"
+#include "compile.h"
+#include "eval.h"
+#include "frameobject.h"
+#include "structmember.h"
 
 #ifdef HAVE_UNISTD_H
 #include <unistd.h>
@@ -1452,12 +1452,12 @@
         pack_add_info(self, "executable-version", buffer);
 
 #ifdef MS_WIN32
-    sprintf(cwdbuffer, "%I64d", frequency.QuadPart);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%I64d", frequency.QuadPart);
     pack_add_info(self, "reported-performance-frequency", cwdbuffer);
 #else
-    sprintf(cwdbuffer, "%lu", rusage_diff);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%lu", rusage_diff);
     pack_add_info(self, "observed-interval-getrusage", cwdbuffer);
-    sprintf(cwdbuffer, "%lu", timeofday_diff);
+    PyOS_snprintf(cwdbuffer, sizeof(cwdbuffer), "%lu", timeofday_diff);
     pack_add_info(self, "observed-interval-gettimeofday", cwdbuffer);
 #endif
 
diff --git a/Modules/_localemodule.c b/Modules/_localemodule.c
index 61a5c7c..d96a967 100644
--- a/Modules/_localemodule.c
+++ b/Modules/_localemodule.c
@@ -376,7 +376,7 @@
     if (!PyArg_NoArgs(args))
         return NULL;
 
-    sprintf(encoding, "cp%d", GetACP());
+    PyOS_snprintf(encoding, sizeof(encoding), "cp%d", GetACP());
 
     if (GetLocaleInfo(LOCALE_USER_DEFAULT,
                       LOCALE_SISO639LANGNAME,
diff --git a/Modules/_testcapimodule.c b/Modules/_testcapimodule.c
index 01e103b..0f5fa7c 100644
--- a/Modules/_testcapimodule.c
+++ b/Modules/_testcapimodule.c
@@ -19,7 +19,7 @@
 	if (strlen(test_name) + strlen(msg) > sizeof(buf) - 50)
 		PyErr_SetString(TestError, "internal error msg too large");
 	else {
-		sprintf(buf, "%s: %s", test_name, msg);
+		PyOS_snprintf(buf, sizeof(buf), "%s: %s", test_name, msg);
 		PyErr_SetString(TestError, buf);
 	}
 	return NULL;
@@ -36,7 +36,8 @@
         int expected, int got)
 {
 	char buf[1024];
-	sprintf(buf, "%.200s #define == %d but sizeof(%.200s) == %d",
+	PyOS_snprintf(buf, sizeof(buf), 
+		"%.200s #define == %d but sizeof(%.200s) == %d",
 		fatname, expected, typename, got);
 	PyErr_SetString(TestError, buf);
 	return (PyObject*)NULL;
diff --git a/Modules/_tkinter.c b/Modules/_tkinter.c
index eedb0c1..4e701ad 100644
--- a/Modules/_tkinter.c
+++ b/Modules/_tkinter.c
@@ -1579,8 +1579,8 @@
 	TkttObject *v = (TkttObject *)self;
 	char buf[100];
 
-	sprintf(buf, "<tktimertoken at %p%s>", v,
-		v->func == NULL ? ", handler deleted" : "");
+	PyOS_snprintf(buf, sizeof(buf), "<tktimertoken at %p%s>", v,
+		      v->func == NULL ? ", handler deleted" : "");
 	return PyString_FromString(buf);
 }
 
diff --git a/Modules/arraymodule.c b/Modules/arraymodule.c
index 6168bb0..11d0723 100644
--- a/Modules/arraymodule.c
+++ b/Modules/arraymodule.c
@@ -1313,12 +1313,13 @@
 	int i, len;
 	len = a->ob_size;
 	if (len == 0) {
-		sprintf(buf, "array('%c')", a->ob_descr->typecode);
+		PyOS_snprintf(buf, sizeof(buf), "array('%c')",
+			      a->ob_descr->typecode);
 		return PyString_FromString(buf);
 	}
 	if (a->ob_descr->typecode == 'c') {
 		PyObject *t_empty = PyTuple_New(0);
-		sprintf(buf, "array('c', ");
+		PyOS_snprintf(buf, sizeof(buf), "array('c', ");
 		s = PyString_FromString(buf);
 		v = array_tostring(a, t_empty);
 		Py_DECREF(t_empty);
@@ -1328,7 +1329,7 @@
 		PyString_ConcatAndDel(&s, PyString_FromString(")"));
 		return s;
 	}
-	sprintf(buf, "array('%c', [", a->ob_descr->typecode);
+	PyOS_snprintf(buf, sizeof(buf), "array('%c', [", a->ob_descr->typecode);
 	s = PyString_FromString(buf);
 	comma = PyString_FromString(", ");
 	for (i = 0; i < len && !PyErr_Occurred(); i++) {
diff --git a/Modules/flmodule.c b/Modules/flmodule.c
index ef853f5..25037bf 100644
--- a/Modules/flmodule.c
+++ b/Modules/flmodule.c
@@ -370,8 +370,8 @@
 generic_repr(genericobject *g)
 {
 	char buf[100];
-	sprintf(buf, "<FORMS_object at %p, objclass=%d>",
-		g, g->ob_generic->objclass);
+	PyOS_snprintf(buf, sizeof(buf), "<FORMS_object at %p, objclass=%d>",
+		      g, g->ob_generic->objclass);
 	return PyString_FromString(buf);
 }
 
@@ -1580,8 +1580,8 @@
 form_repr(formobject *f)
 {
 	char buf[100];
-	sprintf(buf, "<FORMS_form at %p, window=%ld>",
-		f, f->ob_form->window);
+	PyOS_snprintf(buf, sizeof(buf), "<FORMS_form at %p, window=%ld>",
+		      f, f->ob_form->window);
 	return PyString_FromString(buf);
 }
 
diff --git a/Modules/gdbmmodule.c b/Modules/gdbmmodule.c
index 0190a9b..505ce92 100644
--- a/Modules/gdbmmodule.c
+++ b/Modules/gdbmmodule.c
@@ -477,7 +477,8 @@
                 break;
 #endif
             default:
-                sprintf(buf, "Flag '%c' is not supported.", *flags);
+                PyOS_snprintf(buf, sizeof(buf), "Flag '%c' is not supported.",
+                	      *flags);
                 PyErr_SetString(DbmError, buf);
                 return NULL;
         }
diff --git a/Modules/pcremodule.c b/Modules/pcremodule.c
index e34c002..7a8900d 100644
--- a/Modules/pcremodule.c
+++ b/Modules/pcremodule.c
@@ -263,7 +263,8 @@
 	case('U'):    case('l'):    case('u'):
 	{
 		char message[50];
-		sprintf(message, "\\%c is not allowed", c);
+		PyOS_snprintf(message, sizeof(message),
+			      "\\%c is not allowed", c);
 		PyErr_SetString(ErrorObject, message);
 		return NULL;
 	}
@@ -495,7 +496,7 @@
 				if (result==Py_None)
 				{
 					char message[50];
-					sprintf(message, 
+					PyOS_snprintf(message, sizeof(message),
 						"group did not contribute to the match");
 					PyErr_SetString(ErrorObject, 
 							message);
diff --git a/Modules/posixmodule.c b/Modules/posixmodule.c
index 27e7f1a..365a836 100644
--- a/Modules/posixmodule.c
+++ b/Modules/posixmodule.c
@@ -432,7 +432,8 @@
     if (rc == NO_ERROR)
         os2_formatmsg(msgbuf, msglen, reason);
     else
-        sprintf(msgbuf, "unknown OS error #%d", errorcode);
+        PyOS_snprintf(msgbuf, sizeof(msgbuf),
+        	      "unknown OS error #%d", errorcode);
 
     return msgbuf;
 }
@@ -5814,8 +5815,9 @@
     case 40: ver = "4.00"; break;
     case 50: ver = "5.00"; break;
     default:
-        sprintf(tmp, "%d-%d", values[QSV_VERSION_MAJOR],
-                              values[QSV_VERSION_MINOR]);
+        PyOS_snprintf(tmp, sizeof(tmp),
+        	      "%d-%d", values[QSV_VERSION_MAJOR],
+                      values[QSV_VERSION_MINOR]);
         ver = &tmp[0];
     }
 
diff --git a/Modules/pyexpat.c b/Modules/pyexpat.c
index dada234..90e53b6 100644
--- a/Modules/pyexpat.c
+++ b/Modules/pyexpat.c
@@ -129,7 +129,7 @@
     int column = XML_GetErrorColumnNumber(parser);
     enum XML_Error code = XML_GetErrorCode(parser);
 
-    sprintf(buffer, "%.200s: line %i, column %i",
+    PyOS_snprintf(buffer, sizeof(buffer), "%.200s: line %i, column %i",
             XML_ErrorString(code), lineno, column);
     err = PyObject_CallFunction(ErrorObject, "s", buffer);
     if (  err != NULL
diff --git a/Modules/readline.c b/Modules/readline.c
index d213992..fe653b8 100644
--- a/Modules/readline.c
+++ b/Modules/readline.c
@@ -165,7 +165,7 @@
 {
 	PyObject *function = Py_None;
 	char buf[80];
-	sprintf(buf, "|O:set_%.50s", funcname);
+	PyOS_snprintf(buf, sizeof(buf), "|O:set_%.50s", funcname);
 	if (!PyArg_ParseTuple(args, buf, &function))
 		return NULL;
 	if (function == Py_None) {
@@ -181,7 +181,9 @@
 		*tstate = PyThreadState_Get();
 	}
 	else {
-		sprintf(buf, "set_%.50s(func): argument not callable", funcname);
+		PyOS_snprintf(buf, sizeof(buf),
+			      "set_%.50s(func): argument not callable",
+			      funcname);
 		PyErr_SetString(PyExc_TypeError, buf);
 		return NULL;
 	}
diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c
index 2b27e71..eccee4d 100644
--- a/Modules/socketmodule.c
+++ b/Modules/socketmodule.c
@@ -1768,9 +1768,11 @@
 		return NULL;
 	}
 #endif
-	sprintf(buf,
-		"<socket object, fd=%ld, family=%d, type=%d, protocol=%d>",
-		(long)s->sock_fd, s->sock_family, s->sock_type, s->sock_proto);
+	PyOS_snprintf(buf, sizeof(buf),
+		      "<socket object, fd=%ld, family=%d, type=%d, protocol=%d>",
+		      (long)s->sock_fd, s->sock_family,
+		      s->sock_type,
+		      s->sock_proto);
 	return PyString_FromString(buf);
 }
 
@@ -3056,7 +3058,8 @@
 		    "WSAStartup failed: requested version not supported");
 		break;
 	default:
-		sprintf(buf, "WSAStartup failed: error code %d", ret);
+		PyOS_snprintf(buf, sizeof(buf),
+			      "WSAStartup failed: error code %d", ret);
 		PyErr_SetString(PyExc_ImportError, buf);
 		break;
 	}
diff --git a/Modules/stropmodule.c b/Modules/stropmodule.c
index bd56ee0..3c5de2b 100644
--- a/Modules/stropmodule.c
+++ b/Modules/stropmodule.c
@@ -772,7 +772,8 @@
 		end++;
 	if (*end != '\0') {
   bad:
-		sprintf(buffer, "invalid literal for atoi(): %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer),
+			      "invalid literal for atoi(): %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
@@ -865,12 +866,14 @@
 	while (*end && isspace(Py_CHARMASK(*end)))
 		end++;
 	if (*end != '\0') {
-		sprintf(buffer, "invalid literal for atof(): %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer),
+			      "invalid literal for atof(): %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
 	else if (errno != 0) {
-		sprintf(buffer, "atof() literal too large: %.200s", s);
+		PyOS_snprintf(buffer, sizeof(buffer), 
+			      "atof() literal too large: %.200s", s);
 		PyErr_SetString(PyExc_ValueError, buffer);
 		return NULL;
 	}
diff --git a/Objects/stringobject.c b/Objects/stringobject.c
index 74c4b52..723918d 100644
--- a/Objects/stringobject.c
+++ b/Objects/stringobject.c
@@ -2876,7 +2876,9 @@
 		prec = 6;
 	if (type == 'f' && fabs(x)/1e25 >= 1e25)
 		type = 'g';
-	sprintf(fmt, "%%%s.%d%c", (flags&F_ALT) ? "#" : "", prec, type);
+	PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%d%c",
+		      (flags&F_ALT) ? "#" : "",
+		      prec, type);
 	/* worst case length calc to ensure no buffer overrun:
 	     fmt = %#.<prec>g
 	     buf = '-' + [0-9]*prec + '.' + 'e+' + (longest exp
@@ -2889,7 +2891,7 @@
 			"formatted float is too long (precision too large?)");
 		return -1;
 	}
-	sprintf(buf, fmt, x);
+	PyOS_snprintf(buf, buflen, fmt, x);
 	return strlen(buf);
 }
 
@@ -3047,7 +3049,9 @@
 		return -1;
 	if (prec < 0)
 		prec = 1;
-	sprintf(fmt, "%%%s.%dl%c", (flags&F_ALT) ? "#" : "", prec, type);
+	PyOS_snprintf(fmt, sizeof(fmt), "%%%s.%dl%c",
+		      (flags&F_ALT) ? "#" : "", 
+		      prec, type);
 	/* buf = '+'/'-'/'0'/'0x' + '[0-9]'*max(prec, len(x in octal))
 	   worst case buf = '0x' + [0-9]*prec, where prec >= 11 */
 	if (buflen <= 13 || buflen <= (size_t)2 + (size_t)prec) {
@@ -3055,7 +3059,7 @@
 			"formatted integer is too long (precision too large?)");
 		return -1;
 	}
-	sprintf(buf, fmt, x);
+	PyOS_snprintf(buf, buflen, fmt, x);
 	/* When converting 0 under %#x or %#X, C leaves off the base marker,
 	 * but we want it (for consistency with other %#x conversions, and
 	 * for consistency with Python's hex() function).