3 files changed, 19 insertions, 5 deletions

diff --git a/src/src/exim_dbmbuild.c b/src/src/exim_dbmbuild.c
index 611b6be38..85ae9012b 100644
--- a/src/src/exim_dbmbuild.c
+++ b/src/src/exim_dbmbuild.c
@@ -480,7 +480,7 @@ else
   printf("dbmbuild abandoned\n");
 #if defined(USE_DB) || defined(USE_TDB) || defined(USE_GDBM)
   /* We created it, so safe to delete despite the name coming from outside */
-  /* coverity[tainted_data] */
+  /* coverity[tainted_string] */
   Uunlink(temp_dbmname);
 #else
   if (is_db)
diff --git a/src/src/exim_lock.c b/src/src/exim_lock.c
index 074a951d1..068216816 100644
--- a/src/src/exim_lock.c
+++ b/src/src/exim_lock.c
@@ -588,12 +588,24 @@ if (restore_times)
   int fd = open(filename, O_RDWR); /* use fd for both get & restore */
   struct timespec tt[2];
 
-  fstat(fd, &strestore);
+  if (fd < 0)
+    {
+    printf("open '%s': %s\n", filename, strerror(errno));
+    yield = 1;
+    goto CLEAN_UP;
+    }
+  if (fstat(fd, &strestore) != 0)
+    {
+    printf("fstat '%s': %s\n", filename, strerror(errno));
+    yield = 1;
+    close(fd);
+    goto CLEAN_UP;
+    }
   i = system(command);
   tt[0] = strestore.st_atim;
   tt[1] = strestore.st_mtim;
-  futimens(fd, tt);
-  close(fd);
+  (void) futimens(fd, tt);
+  (void) close(fd);
 #else
   struct utimbuf ut;
 
diff --git a/src/src/malware.c b/src/src/malware.c
index b4a7f7094..b36bf0d64 100644
--- a/src/src/malware.c
+++ b/src/src/malware.c
@@ -1003,7 +1003,9 @@ if (!malware_ok)
 	      kav_re = kav_re_inf;
 	      }
 
-	    /* read report, linewise */
+	    /* read report, linewise.  Using size from stream to read amount of data
+	    from same stream is safe enough. */
+	    /* coverity[tainted_data] */
 	    while (kav_reportlen > 0)
 	      {
 	      if ((bread = recv_line(sock, tmpbuf, sizeof(tmpbuf), tmo)) < 0)