diff --git a/utility/load_kernel_test.c b/utility/load_kernel_test.c
index a2800bfa03..ee385bf1eb 100644
--- a/utility/load_kernel_test.c
+++ b/utility/load_kernel_test.c
@@ -43,8 +43,8 @@ VbError_t VbExDiskRead(VbExDiskHandle_t handle, uint64_t lba_start,
     return 1;
   }
 
-  fseek(image_file, lba_start * lkp.bytes_per_lba, SEEK_SET);
-  if (1 != fread(buffer, lba_count * lkp.bytes_per_lba, 1, image_file)) {
+  if (0 != fseek(image_file, lba_start * lkp.bytes_per_lba, SEEK_SET) ||
+      1 != fread(buffer, lba_count * lkp.bytes_per_lba, 1, image_file)) {
     fprintf(stderr, "Read error.");
     return 1;
   }
@@ -152,6 +152,11 @@ int main(int argc, char* argv[]) {
       return 1;
     }
     printf("Read %" PRIu64 " bytes of key from %s\n", key_size, argv[optind+1]);
+    if (key_size > 16*1024*1024) {
+      fprintf(stderr, "Key blob size=%" PRIu64 " is ridiculous.\n", key_size);
+      free(key_blob);
+      return 1;
+    }
   }
 
   /* Initialize the GBB */
diff --git a/utility/tpmc.c b/utility/tpmc.c
index 0919a634f0..baddee654e 100644
--- a/utility/tpmc.c
+++ b/utility/tpmc.c
@@ -320,7 +320,7 @@ static uint32_t HandlerGetOwnership(void) {
 }
 
 static uint32_t HandlerGetRandom(void) {
-  uint32_t length, size;
+  uint32_t length, size = 0;
   uint8_t* bytes;
   uint32_t result;
   int i;
diff --git a/utility/verify_data.c b/utility/verify_data.c
index 95c1bbd5e8..ed4bcc1608 100644
--- a/utility/verify_data.c
+++ b/utility/verify_data.c
@@ -38,13 +38,16 @@ uint8_t* read_signature(char* input_file, int len) {
 
   /* Read the signature into a buffer*/
   signature = (uint8_t*) malloc(len);
-  if (!signature)
+  if (!signature) {
+    close(sigfd);
     return NULL;
+  }
 
   if( (i = read(sigfd, signature, len)) != len ) {
     fprintf(stderr, "Wrong signature length - Expected = %d, Received = %d\n",
             len, i);
     close(sigfd);
+    free(signature);
     return NULL;
   }