diff --git a/src/tests/Common/Platform/platformdefines.cpp b/src/tests/Common/Platform/platformdefines.cpp
index 5f42534d10a82a..1a31cfae414bd1 100644
--- a/src/tests/Common/Platform/platformdefines.cpp
+++ b/src/tests/Common/Platform/platformdefines.cpp
@@ -170,8 +170,9 @@ error_t TP_putenv_s(LPWSTR name, LPWSTR value)
         return 0;
 #else
     int retVal = 0;
-    char *assignment = (char*) malloc(sizeof(char) * (TP_slen(name) + TP_slen(value) + 1));
-    sprintf(assignment, "%s=%s", HackyConvertToSTR(name), HackyConvertToSTR(value));
+    size_t assignmentSize = sizeof(char) * (TP_slen(name) + TP_slen(value) + 1 + 1);
+    char *assignment = (char*) malloc(assignmentSize);
+    snprintf(assignment, assignmentSize, "%s=%s", HackyConvertToSTR(name), HackyConvertToSTR(value));
 
     if (0 != putenv(assignment))
         retVal = 2;
diff --git a/src/tests/nativeaot/SmokeTests/PInvoke/PInvokeNative.cpp b/src/tests/nativeaot/SmokeTests/PInvoke/PInvokeNative.cpp
index 480209d3b2560a..43f9db11df1b65 100644
--- a/src/tests/nativeaot/SmokeTests/PInvoke/PInvokeNative.cpp
+++ b/src/tests/nativeaot/SmokeTests/PInvoke/PInvokeNative.cpp
@@ -569,12 +569,12 @@ DLL_EXPORT bool __stdcall StructTest_Array(NativeSequentialStruct *nss, int leng
             return false;
         if (nss[i].b != i*i)
             return false;
-        sprintf(expected, "%d", i);
+        snprintf(expected, sizeof(expected), "%d", i);
 
         if (CompareAnsiString(expected, nss[i].str) == 0)
             return false;
 
-        sprintf(expected, "u8%d", i);
+        snprintf(expected, sizeof(expected), "u8%d", i);
 
         if (CompareAnsiString(expected, nss[i].u8str) == 0)
             return false;