diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index 0b2177d4..27026773 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -2193,7 +2193,8 @@ static int _dm_target_query_verity(struct crypt_device *cd,
 				str = strsep(&params, " ");
 				if (!str)
 					goto err;
-				root_hash_sig_key_desc = strdup(str);
+				if (!root_hash_sig_key_desc)
+					root_hash_sig_key_desc = strdup(str);
 				i++;
 			} else /* unknown option */
 				goto err;
@@ -2228,6 +2229,7 @@ err:
 	device_free(cd, data_device);
 	device_free(cd, hash_device);
 	device_free(cd, fec_device);
+	free(root_hash_sig_key_desc);
 	free(root_hash);
 	free(hash_name);
 	free(salt);
diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c
index bf6a3125..15b29366 100644
--- a/lib/verity/verity_hash.c
+++ b/lib/verity/verity_hash.c
@@ -102,7 +102,7 @@ static int hash_levels(size_t hash_block_size, size_t digest_size,
 		       off_t *hash_level_block, off_t *hash_level_size)
 {
 	size_t hash_per_block_bits;
-	off_t s;
+	off_t s, s_shift;
 	int i;
 
 	if (!digest_size)
@@ -124,7 +124,10 @@ static int hash_levels(size_t hash_block_size, size_t digest_size,
 		if (hash_level_block)
 			hash_level_block[i] = *hash_position;
 		// verity position of block data_file_blocks at level i
-		s = (data_file_blocks + ((off_t)1 << ((i + 1) * hash_per_block_bits)) - 1) >> ((i + 1) * hash_per_block_bits);
+		s_shift = (i + 1) * hash_per_block_bits;
+		if (s_shift > 63)
+			return -EINVAL;
+		s = (data_file_blocks + ((off_t)1 << s_shift) - 1) >> ((i + 1) * hash_per_block_bits);
 		if (hash_level_size)
 			hash_level_size[i] = s;
 		if ((*hash_position + s) < *hash_position ||