@@ -226,11 +226,11 @@
 	TMPBUF = (unsigned char *) (x); \
 	buf_user[0] = 0; \
 	buf_user[2] = 0; \
 	buf_user_p = buf_user; \
 	buf_user_size = sizeof(buf_user); \
-	for (idx = 0; idx < (y); idx++) { \
+	for (idx = 0; idx < MIN((y), sizeof(buf_user)); idx++) { \
 		if (buf_user_size <= 0) { \
 			break; \
 		}; \
 		snprintf_ret = snprintf(buf_user_p, buf_user_size, ", %02x", TMPBUF[idx]); \
 		if (snprintf_ret <= 0) { \
@@ -4702,11 +4702,11 @@
 
 	if (getenv("CACKEY_PIN_COMMAND_XONLY") != NULL && getenv("DISPLAY") != NULL) {
 		cackey_pin_command = strdup(getenv("CACKEY_PIN_COMMAND_XONLY"));
 	}
 
-	if (strcmp(cackey_pin_command, "") == 0) {
+	if (cackey_pin_command && strcmp(cackey_pin_command, "") == 0) {
 		free(cackey_pin_command);
 		cackey_pin_command = NULL;
 	}
 
 #ifdef CACKEY_READERS_INCLUDE_ONLY_DEFAULT