diff --git a/vl.c b/vl.c
index c4d3fc0d3d2ee2f24fd5bfb67396ae5f85d77a05..768dbf48ad14a0a342072d0c008d6992e757cd20 100644
--- a/vl.c
+++ b/vl.c
@@ -759,8 +759,10 @@ char *get_boot_devices_list(uint32_t *size)
         }
 
         if (i->suffix && devpath) {
-            bootpath = qemu_malloc(strlen(devpath) + strlen(i->suffix) + 1);
-            sprintf(bootpath, "%s%s", devpath, i->suffix);
+            size_t bootpathlen = strlen(devpath) + strlen(i->suffix) + 1;
+
+            bootpath = qemu_malloc(bootpathlen);
+            snprintf(bootpath, bootpathlen, "%s%s", devpath, i->suffix);
             qemu_free(devpath);
         } else if (devpath) {
             bootpath = devpath;