diff --git a/src/daemon.c b/src/daemon.c
index c14b64b..5652ba1 100644
--- a/src/daemon.c
+++ b/src/daemon.c
@@ -544,7 +544,11 @@ malformed:
 		if (rc < 0) {
 err_attached:
 			pe_end(outpe);
-			ftruncate(outfd, 0);
+			if (ftruncate(outfd, 0) != 0) {
+				ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
+					"pesignd: could not truncate output "
+					"file: %m");
+			}
 			goto finish;
 		}
 		ssize_t sigspace = calculate_signature_space(ctx->cms, outpe);
@@ -562,21 +566,34 @@ err_attached:
 				ctx->cms->num_signatures, outpe);
 		pe_end(outpe);
 	} else {
-		ftruncate(outfd, 0);
+		if (ftruncate(outfd, 0) != 0) {
+			ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
+				"pesignd: could not truncate output "
+				"file: %m");
+		}
 		rc = generate_digest(ctx->cms, inpe, 1);
 		if (rc < 0) {
 err_detached:
-			ftruncate(outfd, 0);
+			if (ftruncate(outfd, 0) != 0) {
+				ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
+					"pesignd: could not truncate output "
+					"file: %m");
+			}
 			goto finish;
 		}
 		rc = generate_signature(ctx->cms);
 		if (rc < 0)
 			goto err_detached;
 		rc = export_signature(ctx->cms, outfd, 0);
-		if (rc >= 0)
-			ftruncate(outfd, rc);
-		else if (rc < 0)
+		if (rc >= 0) {
+			if (ftruncate(outfd, rc) != 0) {
+				ctx->cms->log(ctx->cms, ctx->priority|LOG_ERR,
+					"pesignd: could not truncate output "
+					"file: %m");
+			}
+		} else if (rc < 0) {
 			goto err_detached;
+		}
 	}
 
 finish:
@@ -1182,7 +1199,12 @@ daemonize(cms_context *cms_ctx, char *certdir, int do_fork)
 		exit(1);
 	}
 
-	chdir(homedir ? homedir : "/");
+	if (chdir(homedir ? homedir : "/") != 0) {
+		ctx.backup_cms->log(ctx.backup_cms, ctx.priority|LOG_ERR,
+			"pesignd: could not change working directory "
+			"for pesign: %m");
+		exit(1);
+	}
 
 	if (getuid() == 0) {
 		/* process is running as root, drop privileges */
diff --git a/src/password.c b/src/password.c
index 43186df..9a9c911 100644
--- a/src/password.c
+++ b/src/password.c
@@ -76,7 +76,8 @@ static char *SEC_GetPassword(FILE *input, FILE *output, char *prompt,
 	    echoOff(infd);
 	}
 
-	fgets ( phrase, sizeof(phrase), input);
+	if (fgets(phrase, sizeof(phrase), input) == NULL)
+		phrase[0] = '\0';
 
 	if (isTTY) {
 	    fprintf(output, "\n");
diff --git a/src/pesign.c b/src/pesign.c
index ff4f2bf..40a1e43 100644
--- a/src/pesign.c
+++ b/src/pesign.c
@@ -164,9 +164,15 @@ open_output(pesign_context *ctx)
 
 	addr = pe_rawfile(ctx->inpe, &size);
 
-	ftruncate(ctx->outfd, size);
+	if (ftruncate(ctx->outfd, size) != 0) {
+		fprintf(stderr, "pesign: could not truncate output file: %m\n");
+		exit(1);
+	}
 	lseek(ctx->outfd, 0, SEEK_SET);
-	write(ctx->outfd, addr, size);
+	if (write(ctx->outfd, addr, size) != size) {
+		fprintf(stderr, "pesign: could not write output file: %m\n");
+		exit(1);
+	}
 
 	Pe_Cmd cmd = ctx->outfd == STDOUT_FILENO ? PE_C_RDWR : PE_C_RDWR_MMAP;
 	ctx->outpe = pe_begin(ctx->outfd, cmd, NULL);
diff --git a/src/signed_data.c b/src/signed_data.c
index 2fa1cdd..247ec57 100644
--- a/src/signed_data.c
+++ b/src/signed_data.c
@@ -133,6 +133,7 @@ generate_signerInfo_list(cms_context *cms, SpcSignerInfo ***signerInfo_list_p, S
 	SpcSignerInfo **signerInfo_list;
 	int err, rc;
 
+	err = 0;
 	if (!signerInfo_list_p)
 		return -1;