diff --git a/kbd-2.4.0-covscan-fixes.patch b/kbd-2.4.0-covscan-fixes.patch
new file mode 100644
index 0000000..c62813b
--- /dev/null
+++ b/kbd-2.4.0-covscan-fixes.patch
@@ -0,0 +1,93 @@
+diff -up kbd-2.4.0/src/libkbdfile/kbdfile.c.orig kbd-2.4.0/src/libkbdfile/kbdfile.c
+--- kbd-2.4.0/src/libkbdfile/kbdfile.c.orig	2020-11-11 13:44:48.000000000 +0100
++++ kbd-2.4.0/src/libkbdfile/kbdfile.c	2021-04-27 09:58:08.405671071 +0200
+@@ -39,8 +39,10 @@ kbdfile_new(struct kbdfile_ctx *ctx)
+ 
+ 	if (!fp->ctx) {
+ 		fp->ctx = kbdfile_context_new();
+-		if (!fp->ctx)
++		if (!fp->ctx) {
++			free(fp);
+ 			return NULL;
++		}
+ 		fp->flags |= KBDFILE_CTX_INITIALIZED;
+ 	}
+ 
+@@ -69,7 +71,7 @@ kbdfile_get_pathname(struct kbdfile *fp)
+ int
+ kbdfile_set_pathname(struct kbdfile *fp, const char *pathname)
+ {
+-	strncpy(fp->pathname, pathname, sizeof(fp->pathname));
++	strncpy(fp->pathname, pathname, sizeof(fp->pathname) - 1);
+ 	return 0;
+ }
+ 
+@@ -385,7 +387,7 @@ kbdfile_find(const char *fnam, const cha
+ 	fp->flags &= ~KBDFILE_PIPE;
+ 
+ 	/* Try explicitly given name first */
+-	strncpy(fp->pathname, fnam, sizeof(fp->pathname));
++	strncpy(fp->pathname, fnam, sizeof(fp->pathname) - 1);
+ 
+ 	if (!maybe_pipe_open(fp))
+ 		return 0;
+diff -up kbd-2.4.0/src/libkeymap/common.c.orig kbd-2.4.0/src/libkeymap/common.c
+--- kbd-2.4.0/src/libkeymap/common.c.orig	2019-06-24 13:55:23.000000000 +0200
++++ kbd-2.4.0/src/libkeymap/common.c	2021-04-27 09:58:08.405671071 +0200
+@@ -139,6 +139,7 @@ init_array(struct lk_ctx *ctx, struct lk
+ 	rc = lk_array_init(ptr, size, 0);
+ 	if (rc < 0) {
+ 		ERR(ctx, _("unable to initialize array: %s"), strerror(rc));
++		free(ptr);
+ 		return -1;
+ 	}
+ 
+diff -up kbd-2.4.0/src/libkfont/psffontop.c.orig kbd-2.4.0/src/libkfont/psffontop.c
+--- kbd-2.4.0/src/libkfont/psffontop.c.orig	2020-04-27 17:53:01.000000000 +0200
++++ kbd-2.4.0/src/libkfont/psffontop.c	2021-04-27 09:59:14.170153676 +0200
+@@ -235,6 +235,7 @@ kfont_read_psffont(struct kfont_context
+ 
+ 		if (psfhdr->mode > PSF1_MAXMODE) {
+ 			KFONT_ERR(ctx, _("Unsupported psf file mode (%d)"), psfhdr->mode);
++			free(psfhdr);
+ 			return -EX_DATAERR;
+ 		}
+ 		fontlen   = ((psfhdr->mode & PSF1_MODE512) ? 512 : 256);
+@@ -251,6 +252,7 @@ kfont_read_psffont(struct kfont_context
+ 
+ 		if (psfhdr.version > PSF2_MAXVERSION) {
+ 			KFONT_ERR(ctx, _("Unsupported psf version (%d)"), psfhdr.version);
++			free(inputbuf);
+ 			return -EX_DATAERR;
+ 		}
+ 		fontlen   = assemble_uint32((unsigned char *)&psfhdr.length);
+@@ -260,16 +262,20 @@ kfont_read_psffont(struct kfont_context
+ 		ftoffset  = assemble_uint32((unsigned char *)&psfhdr.headersize);
+ 		fontwidth = assemble_uint32((unsigned char *)&psfhdr.width);
+ 		utf8      = 1;
+-	} else
++	} else {
++		free(inputbuf);
+ 		return -EX_DATAERR; /* not psf */
++	}
+ 
+ 	/* tests required - we divide by these */
+ 	if (fontlen == 0) {
+ 		KFONT_ERR(ctx, _("zero input font length?"));
++		free(inputbuf);
+ 		return -EX_DATAERR;
+ 	}
+ 	if (charsize == 0) {
+ 		KFONT_ERR(ctx, _("zero input character size?"));
++		free(inputbuf);
+ 		return -EX_DATAERR;
+ 	}
+ 
+@@ -277,6 +283,7 @@ kfont_read_psffont(struct kfont_context
+ 
+ 	if (i > inputlth || (!hastable && i != inputlth)) {
+ 		KFONT_ERR(ctx, _("Input file: bad input length (%d)"), inputlth);
++		free(inputbuf);
+ 		return -EX_DATAERR;
+ 	}
+ 
diff --git a/kbd.spec b/kbd.spec
index 8405115..7e079e1 100644
--- a/kbd.spec
+++ b/kbd.spec
@@ -5,7 +5,7 @@
 
 Name:           kbd
 Version:        2.4.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        Tools for configuring the console (keyboard, virtual terminals, etc.)
 License:        GPLv2+
 URL:            http://www.kbd-project.org/
@@ -34,6 +34,8 @@ Patch5:         kbd-1.15.5-loadkeys-search-path.patch
 Patch6:         kbd-2.0.2-unicode-start-font.patch
 # Patch7: fixes issues found by static analysis
 Patch7:         kbd-2.0.4-covscan-fixes.patch
+# Patch8: fixes another batch of issues found by static analysis
+Patch8:         kbd-2.4.0-covscan-fixes.patch
 
 BuildRequires:  gcc, bison, flex, gettext, pam-devel, check-devel, automake
 BuildRequires:  console-setup, xkeyboard-config
@@ -78,6 +80,7 @@ cp -fp %{SOURCE6} .
 %patch5 -p1 -b .loadkeys-search-path
 %patch6 -p1 -b .unicode-start-font
 %patch7 -p1 -b .covscan-fixes
+%patch8 -p1 -b .covscan-fixes-pt2
 aclocal
 autoconf
 
@@ -197,6 +200,10 @@ make check
 %{kbd_datadir}/keymaps/legacy
 
 %changelog
+* Wed May 05 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-5
+- Fix issues detected by static analysis
+  Resolves: #1938749
+
 * Thu Apr 22 2021 Vitezslav Crhonek <vcrhonek@redhat.com> - 2.4.0-4
 - Fix layout->keymap conversion broken by change in xkeyboard-config
   (patch by Peter Hutterer)