diff --git a/lib/crypto_backend/argon2/argon2.c b/lib/crypto_backend/argon2/argon2.c
index 37771abd..c784fcaa 100644
--- a/lib/crypto_backend/argon2/argon2.c
+++ b/lib/crypto_backend/argon2/argon2.c
@@ -450,6 +450,8 @@ const char *argon2_error_message(int error_code) {
 
 size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism,
                          uint32_t saltlen, uint32_t hashlen, argon2_type type) {
+  if (!argon2_type2string(type, 0))
+      return 0;
   return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
          numlen(t_cost) + numlen(m_cost) + numlen(parallelism) +
          b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1;
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index b7d377fa..06a32e02 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -2303,8 +2303,13 @@ static int _dm_target_query_verity(struct crypt_device *cd,
 				str = strsep(&params, " ");
 				if (!str)
 					goto err;
-				if (!root_hash_sig_key_desc)
+				if (!root_hash_sig_key_desc) {
 					root_hash_sig_key_desc = strdup(str);
+					if (!root_hash_sig_key_desc) {
+						r = -ENOMEM;
+						goto err;
+					}
+				}
 				i++;
 				if (vp)
 					vp->flags |= CRYPT_VERITY_ROOT_HASH_SIGNATURE;
diff --git a/lib/setup.c b/lib/setup.c
index c7013aae..ed6ffb5d 100644
--- a/lib/setup.c
+++ b/lib/setup.c
@@ -4971,6 +4971,9 @@ const char *crypt_get_cipher_mode(struct crypt_device *cd)
 /* INTERNAL only */
 const char *crypt_get_integrity(struct crypt_device *cd)
 {
+	if (!cd)
+		return NULL;
+
 	if (isINTEGRITY(cd->type))
 		return cd->u.integrity.params.integrity;
 
diff --git a/lib/utils_device.c b/lib/utils_device.c
index bd481e8a..f4bb0586 100644
--- a/lib/utils_device.c
+++ b/lib/utils_device.c
@@ -162,6 +162,9 @@ static int device_ready(struct crypt_device *cd, struct device *device)
 	struct stat st;
 	size_t tmp_size;
 
+	if (!device)
+		return -EINVAL;
+
 	if (device->o_direct) {
 		log_dbg(cd, "Trying to open and read device %s with direct-io.",
 			device_path(device));
@@ -217,6 +220,9 @@ static int _open_locked(struct crypt_device *cd, struct device *device, int flag
 {
 	int fd;
 
+	if (!device)
+		return -EINVAL;
+
 	log_dbg(cd, "Opening locked device %s", device_path(device));
 
 	if ((flags & O_ACCMODE) != O_RDONLY && device_locked_readonly(device->lh)) {