diff --git a/src/firejail/fs_logger.c b/src/firejail/fs_logger.c
index 4bf24e749..f735b1489 100644
--- a/src/firejail/fs_logger.c
+++ b/src/firejail/fs_logger.c
@@ -163,6 +163,7 @@ void fs_logger_print_log(pid_t pid) {
 		exit(1);
 	}
 
+	/* coverity[toctou] */
 	FILE *fp = fopen(fname, "r");
 	if (!fp) {
 		printf("Cannot open filesystem log.\n");
diff --git a/src/firejail/fs_whitelist.c b/src/firejail/fs_whitelist.c
index f8cce219e..e0187981b 100644
--- a/src/firejail/fs_whitelist.c
+++ b/src/firejail/fs_whitelist.c
@@ -582,6 +582,9 @@ void fs_whitelist(void) {
 			errExit("mount tmpfs");
 	}
 
+	if (new_name)
+		free(new_name);
+		
 	return;
 
 errexit:
diff --git a/src/firejail/restrict_users.c b/src/firejail/restrict_users.c
index ec65005ba..1b4058987 100644
--- a/src/firejail/restrict_users.c
+++ b/src/firejail/restrict_users.c
@@ -121,6 +121,7 @@ static void sanitize_passwd(void) {
 	fs_build_mnt_dir();
 
 	// open files
+	/* coverity[toctou] */
 	fpin = fopen("/etc/passwd", "r");
 	if (!fpin)
 		goto errout;
@@ -253,6 +254,7 @@ static void sanitize_group(void) {
 	fs_build_mnt_dir();
 
 	// open files
+	/* coverity[toctou] */
 	fpin = fopen("/etc/group", "r");
 	if (!fpin)
 		goto errout;