diff --git a/src/capt-command.c b/src/capt-command.c
index 502c143..b105001 100644
--- a/src/capt-command.c
+++ b/src/capt-command.c
@@ -121,7 +121,7 @@ const char *capt_identify(void)
 static void capt_copy_cmd(uint16_t cmd, const void *buf, size_t size)
 {
- if (capt_iosize + 4 + size > sizeof(capt_iobuf)) {
+ if (size > sizeof(capt_iobuf) - 4 - capt_iosize) {
 fprintf(stderr, "ALERT: bug in CAPT driver, output buffer overflow\n");
 exit(1);
 }
diff --git a/src/capt-status.c b/src/capt-status.c
index 6a11c34..8b28bab 100644
--- a/src/capt-status.c
+++ b/src/capt-status.c
@@ -52,6 +52,9 @@ static void print_status(void)
 static void decode_status(const uint8_t *s, size_t size)
 {
+ if (size < 2)
+ return;
+
 status.status[0] = WORD(s[0], s[1]);
 if (size <= 2)
diff --git a/src/paper.c b/src/paper.c
index dc6b5e6..286517c 100644
--- a/src/paper.c
+++ b/src/paper.c
@@ -24,7 +24,8 @@ void page_set_dims(struct page_dims_s *dims, const struct cups_page_header2_s *header)
 {
 dims->media_type = header->cupsMediaType;
- strncpy(dims->media_size, header->MediaType, 64);
+ strncpy(dims->media_size, header->MediaType, sizeof(dims->media_size) - 1);
+ dims->media_size[sizeof(dims->media_size) - 1] = '\0';
 dims->paper_width = header->cupsWidth; //header->PageSize[0] * header->HWResolution[0] / 72;
 dims->paper_height = header->cupsHeight; //header->PageSize[1] * header->HWResolution[1] / 72;
 dims->toner_save = header->cupsInteger[0];
diff --git a/src/rastertocapt.c b/src/rastertocapt.c
index 09f890d..39e5242 100644
--- a/src/rastertocapt.c
+++ b/src/rastertocapt.c
@@ -349,7 +349,7 @@ int main(int argc, char *argv[])
 sigemptyset(&act_ign.sa_mask);
 sigaction(SIGPIPE, &act_ign, NULL);
 /* handle SIGTERM */
- act_cancel.sa_handler = do_cancel();
+ act_cancel.sa_handler = do_cancel;
 sigemptyset(&act_cancel.sa_mask);
 sigaddset(&act_cancel.sa_mask, SIGINT);
 sigaction(SIGTERM, &act_cancel, NULL);
diff --git a/tests/captdefilter.c b/tests/captdefilter.c
index 5b815da..f370966 100644
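Review bot: The rewritten bound in capt_copy_cmd (src/capt-command.c), `sizeof(capt_iobuf) - 4 - capt_iosize`, is an unsigned subtraction, so whenever capt_iosize is larger than `sizeof(capt_iobuf) - 4` it wraps to a very large value and the check passes for any size. The old form rejected that state; the new one should test it explicitly before subtracting, `if (capt_iosize > sizeof(capt_iobuf) - 4 || size > sizeof(capt_iobuf) - 4 - capt_iosize) {`. The declarations of capt_iosize and capt_iobuf and the rest of the function are outside the hunk, so whether the buffer can fill to within four bytes of its end should be confirmed there.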
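Review bot: The new early return in decode_status (src/capt-status.c) discards a reply shorter than two bytes without any trace, so `status` keeps whatever it held before and the caller cannot tell a truncated reply from a valid, unchanged one. A short status reply from the device deserves at least a log line before the `return;`, for example `fprintf(stderr, "DEBUG: CAPT: status reply too short (%zu bytes)\n", size);`. A one-line comment that the two-byte minimum comes from the `WORD(s[0], s[1])` read would also help. The rest of decode_status is outside the hunk.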
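Review bot: The new bound in page_set_dims (src/paper.c) is correct only while `dims->media_size` is a char array; its declaration is not part of this diff, and for a pointer member `sizeof` would yield the pointer size. The limit now follows the destination alone, whereas the old literal 64 matched the source field (MediaType is a 64-byte array in the CUPS raster header), so with a larger destination an unterminated header field would be read past its end. `snprintf(dims->media_size, sizeof(dims->media_size), "%.64s", header->MediaType);` respects both limits and terminates in one call. A comment that over-long media names are truncated silently would be worth adding.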
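Review bot: do_cancel has to be async-signal-safe now that main (src/rastertocapt.c) installs it as the SIGTERM handler; the removed line only called it once during setup, so until this change nothing in it ran in signal context. Its definition is outside the hunk, so check that it is declared `void do_cancel(int)` and limits itself to work such as setting a `volatile sig_atomic_t` flag that the main loop polls. The hunk also does not show `act_cancel.sa_flags` being initialised; unless the struct is zeroed elsewhere in main, add `act_cancel.sa_flags = 0;` next to the handler assignment.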
--- a/tests/captdefilter.c
+++ b/tests/captdefilter.c
@@ -224,8 +224,8 @@ int main(int argc, char **argv)
 break;
 }
 fprintf(stderr, "CMD %04X len=%u\n", cmd, len);
- if (fread(buf + pos, 1, len - pos, input) != len - pos) {
- fprintf(stderr, "! unable to read %li bytes\n", len - pos);
+ if (len < pos || len > sizeof(buf) || fread(buf + pos, 1, len - pos, input) != len - pos) {
+ fprintf(stderr, "! unable to read %li bytes\n", (long)(len - pos));
 break;
 }
 dispatch(cmd, buf + pos, len - pos);
diff --git a/tests/test-hiscoa.c b/tests/test-hiscoa.c
index ec5a45c..e10271b 100644
--- a/tests/test-hiscoa.c
+++ b/tests/test-hiscoa.c
@@ -34,10 +34,10 @@ int main(int argc, char **argv)
 abort();
 }
- fscanf(input, "%s\n", header);
+ fscanf(input, "%1023s\n", header);
 if (strcmp(header, "P4")) abort();
- fscanf(input, "%s\n", header);
+ fscanf(input, "%1023s\n", header);
 fscanf(input, "%u %u\n", &width, &height);
 fprintf(stderr, "Input image dimensions: %ux%u\n", width, height);
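Review bot: The two new length checks in main's read loop (tests/captdefilter.c) share the fread failure path, so a malformed length is reported as "unable to read N bytes", and for `len < pos` the printed `len - pos` has already wrapped (len is printed with `%u` just above, so it is presumably unsigned). Validating the length in its own branch ahead of the fread test gives an accurate message and keeps the wrapped value out of the log: `if (len < pos || len > sizeof(buf)) { fprintf(stderr, "! invalid length %u\n", len); break; }`. The declarations of buf, pos and len are outside the hunk, so the format specifier should be checked against the real type of len.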
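Review bot: Both bounded `fscanf(input, "%1023s\n", header)` calls in main (tests/test-hiscoa.c) still ignore the return value, so on an empty or truncated file `header` reaches strcmp without having been written, unless it is initialised at its declaration outside the hunk. Check the conversion count, `if (fscanf(input, "%1023s\n", header) != 1) abort();`, and do the same for the `"%u %u\n"` read, which expects 2 and otherwise leaves width and height unset. The literal 1023 has to stay one less than the size of `header`; a comment at the declaration tying the two together would keep them from drifting apart.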