diff --git a/util/kconfig/zconf.l b/util/kconfig/zconf.l
index 0b45c19db9..f2636d2955 100644
--- a/util/kconfig/zconf.l
+++ b/util/kconfig/zconf.l
@@ -273,7 +273,8 @@ FILE *zconf_fopen(const char *name)
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+					"%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}
diff --git a/util/kconfig/zconf.lex.c_shipped b/util/kconfig/zconf.lex.c_shipped
index 72e3a5fca2..4133f71dd2 100644
--- a/util/kconfig/zconf.lex.c_shipped
+++ b/util/kconfig/zconf.lex.c_shipped
@@ -2351,7 +2351,8 @@ FILE *zconf_fopen(const char *name)
 	if (!f && name != NULL && name[0] != '/') {
 		env = getenv(SRCTREE);
 		if (env) {
-			sprintf(fullname, "%s/%s", env, name);
+			snprintf(fullname, sizeof(fullname),
+					"%s/%s", env, name);
 			f = fopen(fullname, "r");
 		}
 	}