diff --git a/libcdio-0.78.2-check-returns.patch b/libcdio-0.78.2-check-returns.patch
new file mode 100644
index 0000000..31a9ddd
--- /dev/null
+++ b/libcdio-0.78.2-check-returns.patch
@@ -0,0 +1,175 @@
+--- libcdio-0.78.2/lib/iso9660/iso9660_fs.c
++++ libcdio-0.78.2/lib/iso9660/iso9660_fs.c
+@@ -745,6 +745,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+ stat_len = sizeof(iso9660_stat_t)+i_fname+2;
+
+ p_stat = calloc(1, stat_len);
++ if (!p_stat)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", stat_len);
++ return NULL;
++ }
+ p_stat->type = (p_iso9660_dir->file_flags & ISO_DIRECTORY)
+ ? _STAT_DIR : _STAT_FILE;
+ p_stat->lsn = from_733 (p_iso9660_dir->extent);
+@@ -768,6 +773,11 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+ /* realloc gives valgrind errors */
+ iso9660_stat_t *p_stat_new =
+ calloc(1, sizeof(iso9660_stat_t)+i_rr_fname+2);
++ if (!p_stat_new)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", sizeof(iso9660_stat_t)+i_rr_fname+2);
++ return NULL;
++ }
+ memcpy(p_stat_new, p_stat, stat_len);
+ free(p_stat);
+ p_stat = p_stat_new;
+@@ -782,11 +792,14 @@ _iso9660_dir_to_statbuf (iso9660_dir_t *p_iso9660_dir, bool_3way_t b_xa,
+ else if (i_joliet_level) {
+ int i_inlen = i_fname;
+ cdio_utf8_t *p_psz_out = NULL;
+- cdio_charset_to_utf8(p_iso9660_dir->filename, i_inlen,
+- &p_psz_out, "UCS-2BE");
+-
+- strncpy(p_stat->filename, p_psz_out, i_fname);
+- free(p_psz_out);
++ if (cdio_charset_to_utf8(p_iso9660_dir->filename, i_inlen,
++ &p_psz_out, "UCS-2BE")) {
++ strncpy(p_stat->filename, p_psz_out, i_fname);
++ free(p_psz_out);
++ }
++ else {
++ return NULL;
++ }
+ }
+ #endif /*HAVE_JOLIET*/
+ else {
+@@ -957,6 +970,11 @@ _fs_stat_traverse (const CdIo_t *p_cdio, const iso9660_stat_t *_root,
+ {
+ unsigned int len=sizeof(iso9660_stat_t) + strlen(_root->filename)+1;
+ p_stat = calloc(1, len);
++ if (!p_stat)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", len);
++ return NULL;
++ }
+ memcpy(p_stat, _root, len);
+ return p_stat;
+ }
+@@ -974,6 +992,11 @@ _fs_stat_traverse (const CdIo_t *p_cdio, const iso9660_stat_t *_root,
+ }
+
+ _dirbuf = calloc(1, _root->secsize * ISO_BLOCKSIZE);
++ if
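Review bot: The new `return NULL` on a failed `p_stat_new` allocation in the `@@ -768` hunk of `_iso9660_dir_to_statbuf` leaves the earlier `p_stat` buffer allocated, so every failure leaks it; add `free(p_stat);` before that return. The same applies to the `else { return NULL; }` branch added in the `@@ -782` hunk when `cdio_charset_to_utf8` fails. Separately, the warning passes `sizeof(iso9660_stat_t)+i_rr_fname+2` to `%d`; that expression is presumably a `size_t`, so cast it, e.g. `(unsigned int)(sizeof(iso9660_stat_t)+i_rr_fname+2)`, or use a matching specifier. The function starts and ends outside these hunks, so other cleanup may be needed on these paths as well.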
(!p_stat)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", _root->secsize * ISO_BLOCKSIZE);
++ return NULL;
++ }
+
+ if (cdio_read_data_sectors (p_cdio, _dirbuf, _root->lsn, ISO_BLOCKSIZE,
+ _root->secsize))
+@@ -1050,6 +1073,11 @@ _fs_iso_stat_traverse (iso9660_t *p_iso, const iso9660_stat_t *_root,
+ iso9660_stat_t *p_stat;
+ unsigned int len=sizeof(iso9660_stat_t) + strlen(_root->filename)+1;
+ p_stat = calloc(1, len);
++ if (!p_stat)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", len);
++ return NULL;
++ }
+ memcpy(p_stat, _root, len);
+ return p_stat;
+ }
+@@ -1067,6 +1095,11 @@ _fs_iso_stat_traverse (iso9660_t *p_iso, const iso9660_stat_t *_root,
+ }
+
+ _dirbuf = calloc(1, _root->secsize * ISO_BLOCKSIZE);
++ if (!_dirbuf)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", _root->secsize * ISO_BLOCKSIZE);
++ return NULL;
++ }
+
+ ret = iso9660_iso_seek_read (p_iso, _dirbuf, _root->lsn, _root->secsize);
+ if (ret!=ISO_BLOCKSIZE*_root->secsize) return NULL;
+@@ -1269,6 +1302,11 @@ iso9660_fs_readdir (CdIo_t *p_cdio, const char psz_path[], bool b_mode2)
+ }
+
+ _dirbuf = calloc(1, p_stat->secsize * ISO_BLOCKSIZE);
++ if (!_dirbuf)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
++ return NULL;
++ }
+
+ if (cdio_read_data_sectors (p_cdio, _dirbuf, p_stat->lsn,
+ ISO_BLOCKSIZE, p_stat->secsize))
+@@ -1335,6 +1373,11 @@ iso9660_ifs_readdir (iso9660_t *p_iso, const char psz_path[])
+ }
+
+ _dirbuf = calloc(1, p_stat->secsize * ISO_BLOCKSIZE);
++ if (!_dirbuf)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", p_stat->secsize * ISO_BLOCKSIZE);
++ return NULL;
++ }
+
+ ret = iso9660_iso_seek_read (p_iso, _dirbuf, p_stat->lsn, p_stat->secsize);
+ if (ret != ISO_BLOCKSIZE*p_stat->secsize) return NULL;
+@@ -1399,6 +1442,11 @@ find_fs_lsn_recurse (CdIo_t *p_cdio, const char psz_path[], lsn_t lsn)
+ if (statbuf->lsn == lsn) {
+ unsigned int len=sizeof(iso9660_stat_t)+strlen(statbuf->filename)+1;
+ iso9660_stat_t *ret_stat = calloc(1, len);
++ if (!ret_stat)
++ {
++
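Review bot: The check added after `_dirbuf = calloc(1, _root->secsize * ISO_BLOCKSIZE);` in the `@@ -974` hunk of `_fs_stat_traverse` tests `p_stat`, not the pointer that was just allocated, so a failed `_dirbuf` allocation is still handed to `cdio_read_data_sectors`. It should read `if (!_dirbuf)`, as the matching hunk in `_fs_iso_stat_traverse` does. In the `@@ -957` hunk `p_stat` is assigned inside a brace block; if it is also declared there, as it is in `_fs_iso_stat_traverse`, the name may not even be in scope at this point, which is worth a compile check. The function continues outside the hunk.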
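Review bot: A NULL check does not cover the size computation in `calloc(1, _root->secsize * ISO_BLOCKSIZE)` in the `@@ -1067` hunk: if `secsize` is taken from the image's directory record (its origin is not visible here), the product can wrap and yield a buffer smaller than the `_root->secsize` sectors that are then read into it. Passing the factors separately, `_dirbuf = calloc(_root->secsize, ISO_BLOCKSIZE);`, lets calloc reject a request that overflows. The same expression appears in the `@@ -974`, `@@ -1269` and `@@ -1335` hunks. The `return NULL` after the short-read test on the following context line also appears to leave `_dirbuf` allocated, although that predates this patch.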
cdio_warn("Couldn't calloc(1, %d)", len);
++ return NULL;
++ }
+ memcpy(ret_stat, statbuf, len);
+ _cdio_list_free (entlist, true);
+ _cdio_list_free (dirlist, true);
+@@ -1453,6 +1501,11 @@ find_ifs_lsn_recurse (iso9660_t *p_iso, const char psz_path[], lsn_t lsn)
+ if (statbuf->lsn == lsn) {
+ unsigned int len=sizeof(iso9660_stat_t)+strlen(statbuf->filename)+1;
+ iso9660_stat_t *ret_stat = calloc(1, len);
++ if (!ret_stat)
++ {
++ cdio_warn("Couldn't calloc(1, %d)", len);
++ return NULL;
++ }
+ memcpy(ret_stat, statbuf, len);
+ _cdio_list_free (entlist, true);
+ _cdio_list_free (dirlist, true);
+--- libcdio-0.78.2/lib/driver/utf8.c
++++ libcdio-0.78.2/lib/driver/utf8.c
+@@ -120,6 +120,11 @@ do_convert(iconv_t cd, char * src, int src_len,
+ outbytesleft = alloc_size-1;
+
+ ret = malloc(alloc_size);
++ if (ret == NULL)
++ {
++ fprintf(stderr, "Can't malloc(%d).\n", alloc_size);
++ return false;
++ }
+
+ inbuf = src;
+ outbuf = ret;
+@@ -139,11 +144,17 @@ do_convert(iconv_t cd, char * src, int src_len,
+ outbytesleft += BYTES_INCREMENT;
+
+ ret = realloc(ret, alloc_size);
++ if (ret == NULL)
++ {
++ fprintf(stderr, "Can't realloc(%d).\n", alloc_size);
++ return false;
++ }
+ outbuf = ret + output_pos;
+ break;
+ default:
+ fprintf(stderr, "Iconv failed: %s\n", strerror(errno));
+- free(ret);
++ if (ret != NULL)
++ free(ret);
+ return false;
+ break;
+ }
diff --git a/libcdio-mini.changes b/libcdio-mini.changes
index 387a87a..56820f2 100644
--- a/libcdio-mini.changes
+++ b/libcdio-mini.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 27 18:59:31 CET 2008 - sbrabec@suse.cz
+
+- Fixed more possible memory allocation buffer overflows
+ (bnc#351127).
+
 -------------------------------------------------------------------
 Wed Jan 9 17:52:24 CET 2008 - sbrabec@suse.cz
diff --git a/libcdio-mini.spec b/libcdio-mini.spec
index 9fa2a20..76f0a15 100644
--- a/libcdio-mini.spec
+++ b/libcdio-mini.spec
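Review bot: The early `return NULL` added in the `@@ -1399` hunk of `find_fs_lsn_recurse` skips the `_cdio_list_free (entlist, true);` and `_cdio_list_free (dirlist, true);` calls that the normal path makes a few lines later, so both lists leak when the allocation fails. Free them first: `_cdio_list_free (entlist, true); _cdio_list_free (dirlist, true); return NULL;`. The `@@ -1453` hunk in `find_ifs_lsn_recurse` has the same shape. Both functions extend beyond the hunks, so confirm that no other owner releases these lists.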
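Review bot: Assigning the result of `realloc` straight back to `ret` in the `@@ -139` hunk of `do_convert` loses the original buffer when the call fails, so the added `return false` leaks it. Keep the result in a temporary instead: `tmp = realloc(ret, alloc_size);`, `if (tmp == NULL) { free(ret); return false; }`, `ret = tmp;`. The `if (ret != NULL)` guard added before `free(ret)` in the `default:` case is unnecessary, since `free(NULL)` is a no-op. `alloc_size` is printed with `%d` in both utf8.c hunks; its declaration is outside the hunks, so check that it really is an `int`.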
@@ -10,6 +10,7 @@ # norootforbuild + Name: libcdio-mini # WARNING: Do not edit this auto generated file. #%(sh %{_sourcedir}/libcdio_spec-prepare.sh %{_sourcedir} %{name}) @@ -23,7 +24,7 @@ BuildRequires: libcddb-devel libcdio-devel ncurses-devel vcdimager-devel #BuildRequires: cdparanoia %endif Version: 0.79 -Release: 4 +Release: 5 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file: %define libcdio_name 7 %define libcdio_paranoia_name 0 @@ -45,6 +46,7 @@ Provides: %{_name} = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch0: libcdio-gcc43.patch Patch1: libcdio-joliet-name-overflow.patch +Patch2: libcdio-0.78.2-check-returns.patch %description This library encapsulates CD-ROM reading and control. Applications @@ -199,6 +201,7 @@ Authors: %setup -q -n %{_name}-%{version} %patch0 %patch1 +%patch2 -p1 %build %configure --disable-static --with-pic @@ -297,6 +300,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog +* Wed Feb 27 2008 sbrabec@suse.cz +- Fixed more possible memory allocation buffer overflows + (bnc#351127). * Wed Jan 09 2008 sbrabec@suse.cz - Fixed buffer overflows for long Joliet names (#351127). * Wed Dec 05 2007 ro@suse.de diff --git a/libcdio.changes b/libcdio.changes index 387a87a..56820f2 100644 --- a/libcdio.changes +++ b/libcdio.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Feb 27 18:59:31 CET 2008 - sbrabec@suse.cz + +- Fixed more possible memory allocation buffer overflows + (bnc#351127). + ------------------------------------------------------------------- Wed Jan 9 17:52:24 CET 2008 - sbrabec@suse.cz diff --git a/libcdio.spec b/libcdio.spec index 60bda4a..f995e35 100644 --- a/libcdio.spec +++ b/libcdio.spec @@ -10,6 +10,7 @@ # norootforbuild + Name: libcdio # WARNING: After editing this file please call Re or rpmbuild to update spec file: #%(sh %{_sourcedir}/libcdio_spec-prepare.sh %{_sourcedir} %{name}) 
@@ -23,7 +24,7 @@ BuildRequires: libcddb-devel libcdio-devel ncurses-devel vcdimager-devel #BuildRequires: cdparanoia %endif Version: 0.79 -Release: 4 +Release: 5 # WARNING: After changing versions please call Re or rpmbuild to auto-update spec file: %define libcdio_name 7 %define libcdio_paranoia_name 0 @@ -45,6 +46,7 @@ Provides: %{_name} = %{version} BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch0: libcdio-gcc43.patch Patch1: libcdio-joliet-name-overflow.patch +Patch2: libcdio-0.78.2-check-returns.patch %description This library encapsulates CD-ROM reading and control. Applications @@ -198,6 +200,7 @@ Authors: %setup -q -n %{_name}-%{version} %patch0 %patch1 +%patch2 -p1 %build %configure --disable-static --with-pic @@ -296,6 +299,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/pkgconfig/*.pc %changelog +* Wed Feb 27 2008 sbrabec@suse.cz +- Fixed more possible memory allocation buffer overflows + (bnc#351127). * Wed Jan 09 2008 sbrabec@suse.cz - Fixed buffer overflows for long Joliet names (#351127). * Wed Dec 05 2007 ro@suse.de