diff --git a/src/core/security/credentials.c b/src/core/security/credentials.c
index 60e82d9dfae19397faad8d71ff1146077b82558d..a21c27bff946bef47ae9a2291fd7e8de9da8a8af 100644
--- a/src/core/security/credentials.c
+++ b/src/core/security/credentials.c
@@ -336,6 +336,12 @@ grpc_oauth2_token_fetcher_credentials_parse_server_response(
   grpc_credentials_status status = GRPC_CREDENTIALS_OK;
   grpc_json *json = NULL;
 
+  if (response == NULL) {
+    gpr_log(GPR_ERROR, "Received NULL response.");
+    status = GRPC_CREDENTIALS_ERROR;
+    goto end;
+  }
+
   if (response->body_length > 0) {
     null_terminated_body = gpr_malloc(response->body_length + 1);
     null_terminated_body[response->body_length] = '\0';
diff --git a/src/core/security/json_token.c b/src/core/security/json_token.c
index c85b0cd84751331eb7de3ead3ca56398de533364..20d62e2b438f4f2cce653c1cad128b98db55d597 100644
--- a/src/core/security/json_token.c
+++ b/src/core/security/json_token.c
@@ -206,15 +206,14 @@ static char *encoded_jwt_claim(const grpc_auth_json_key *json_key,
   char *result = NULL;
   gpr_timespec now = gpr_now();
   gpr_timespec expiration = gpr_time_add(now, token_lifetime);
-  /* log10(2^64) ~= 20 */
-  char now_str[24];
-  char expiration_str[24];
+  char now_str[GPR_LTOA_MIN_BUFSIZE];
+  char expiration_str[GPR_LTOA_MIN_BUFSIZE];
   if (gpr_time_cmp(token_lifetime, grpc_max_auth_token_lifetime) > 0) {
     gpr_log(GPR_INFO, "Cropping token lifetime to maximum allowed value.");
     expiration = gpr_time_add(now, grpc_max_auth_token_lifetime);
   }
-  sprintf(now_str, "%ld", now.tv_sec);
-  sprintf(expiration_str, "%ld", expiration.tv_sec);
+  gpr_ltoa(now.tv_sec, now_str);
+  gpr_ltoa(expiration.tv_sec, expiration_str);
 
   child = create_child(NULL, json, "iss", json_key->client_email,
                        GRPC_JSON_STRING);
diff --git a/test/core/security/fetch_oauth2.c b/test/core/security/fetch_oauth2.c
index 369c34a5a5a41d8dad94ddf2ff58208ad50b97db..6315087448947b0644e7b31e4a99044e14e41941 100644
--- a/test/core/security/fetch_oauth2.c
+++ b/test/core/security/fetch_oauth2.c
@@ -95,7 +95,7 @@ static grpc_credentials *create_service_account_creds(
       break;
     }
     current += bytes_read;
-  } while (sizeof(json_key) > (current - json_key));
+  } while (sizeof(json_key) > (size_t)(current - json_key));
 
   if ((current - json_key) == sizeof(json_key)) {
     gpr_log(GPR_ERROR, "Json key file %s exceeds size limit (%d bytes).",