diff --git a/testsuite/bignum-test.c b/testsuite/bignum-test.c
index b86108fce7648e71f41352ee7ed8336a440a302b..84e0483cc2de1acb54f5e68ff4333a21f4c7fc1c 100644
--- a/testsuite/bignum-test.c
+++ b/testsuite/bignum-test.c
@@ -23,7 +23,7 @@ test_bignum(const char *hex, unsigned length, const uint8_t *base256)
   if (mpz_cmp(a, b))
     FAIL();
 
-  buf = alloca(length + 1);
+  buf = xalloc(length + 1);
   memset(buf, 17, length + 1);
 
   nettle_mpz_get_str_256(length, buf, a);
@@ -34,6 +34,7 @@ test_bignum(const char *hex, unsigned length, const uint8_t *base256)
     FAIL();
 
   mpz_clear(a); mpz_clear(b);
+  free(buf);
 }
 
 static void
diff --git a/testsuite/rsa-encrypt-test.c b/testsuite/rsa-encrypt-test.c
index 2c1373fe5c73d8dd55997ceaa34d1a465e4ad4c2..e733f79d869f5ac40fae493b1a8ac3491acc2e56 100644
--- a/testsuite/rsa-encrypt-test.c
+++ b/testsuite/rsa-encrypt-test.c
@@ -44,7 +44,7 @@ test_main(void)
       mpz_out_str(stderr, 10, gibberish);
     }
   
-  decrypted = alloca(msg_length + 1);
+  decrypted = xalloc(msg_length + 1);
 
   decrypted_length = msg_length - 1;
   ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
@@ -62,7 +62,7 @@ test_main(void)
   rsa_private_key_clear(&key);
   rsa_public_key_clear(&pub);
   mpz_clear(gibberish);
-
+  free(decrypted);
   SUCCESS();
   
 #else /* !WITH_PUBLIC_KEY */
diff --git a/testsuite/yarrow-test.c b/testsuite/yarrow-test.c
index ae97a255ede809f85a34b830d70a64d03c29c05e..e2e97a8bbb15b8845d3167708f498e9f1a07de64 100644
--- a/testsuite/yarrow-test.c
+++ b/testsuite/yarrow-test.c
@@ -45,7 +45,8 @@ open_file(const char *name)
   const char *srcdir = getenv("srcdir");
   if (srcdir && srcdir[0])
     {
-      char *buf = alloca(strlen(name) + strlen(srcdir) + 10);
+      /* Leaks this name, but that doesn't matter. */
+      char *buf = xalloc(strlen(name) + strlen(srcdir) + 10);
       sprintf(buf, "%s/%s", srcdir, name);
       name = buf;
     }