diff --git a/src/apk.c b/src/apk.c
index 4aba0a6..6b3e700 100644
--- a/src/apk.c
+++ b/src/apk.c
@@ -351,8 +351,9 @@ static int parse_options(int argc, char **argv, struct apk_applet *applet, void
 			if ((unsigned char)*d >= 0xf0)
 				num_short = *d++ & 0x0f;
 			for (; num_short > 0; num_short--) {
-				assert(*d >= 64 && *d < 128);
-				short_option_val[*d - 64] = opt->val;
+				unsigned char ch = *(unsigned char *)d;
+				assert(ch >= 64 && ch < 128);
+				short_option_val[ch-64] = opt->val;
 				*sopt++ = *d++;
 				if (opt->has_arg != no_argument)
 					*sopt++ = ':';
@@ -381,13 +382,6 @@ static int parse_options(int argc, char **argv, struct apk_applet *applet, void
 	if (help_requested || r == -ENOTSUP)
 		return usage(applet);
 
-	if (applet == NULL) {
-		if (argc > 1) {
-			apk_error("'%s' is not an apk command. See 'apk --help'.", argv[1]);
-			return 1;
-		}
-		return usage(NULL);
-	}
 	return 0;
 }
 
@@ -497,6 +491,14 @@ int main(int argc, char **argv)
 	r = parse_options(argc, argv, applet, ctx, &dbopts);
 	if (r != 0) goto err;
 
+	if (applet == NULL) {
+		if (argc > 1) {
+			apk_error("'%s' is not an apk command. See 'apk --help'.", argv[1]);
+			return 1;
+		}
+		return usage(NULL);
+	}
+
 	argc -= optind;
 	argv += optind;
 	if (argc >= 1 && strcmp(argv[0], applet->name) == 0) {
diff --git a/src/commit.c b/src/commit.c
index 5a72ce4..fe9b1ad 100644
--- a/src/commit.c
+++ b/src/commit.c
@@ -7,6 +7,7 @@
  * SPDX-License-Identifier: GPL-2.0-only
  */
 
+#include <assert.h>
 #include <limits.h>
 #include <stdint.h>
 #include <unistd.h>
@@ -264,6 +265,7 @@ int apk_solver_commit_changeset(struct apk_database *db,
 	off_t humanized, size_diff = 0;
 	int r, errors = 0;
 
+	assert(world);
 	if (apk_db_check_world(db, world) != 0) {
 		apk_error("Not committing changes due to missing repository tags. "
 			  "Use --force-broken-world to override.");
diff --git a/src/database.c b/src/database.c
index 22004bc..bbf072e 100644
--- a/src/database.c
+++ b/src/database.c
@@ -2406,6 +2406,7 @@ static int apk_db_install_archive_entry(void *_ctx,
 					const struct apk_file_info *ae,
 					struct apk_istream *is)
 {
+	static const char dot1[] = "/./", dot2[] = "/../";
 	struct install_ctx *ctx = (struct install_ctx *) _ctx;
 	struct apk_database *db = ctx->db;
 	struct apk_package *pkg = ctx->pkg, *opkg;
@@ -2448,10 +2449,9 @@ static int apk_db_install_archive_entry(void *_ctx,
 
 	/* Sanity check the file name */
 	if (ae->name[0] == '/' ||
-	    strncmp(ae->name, "/./"+1, 3) == 0 ||
-	    strncmp(ae->name, "/../"+1, 3) == 0 ||
-	    strstr(ae->name, "/./") ||
-	    strstr(ae->name, "/../")) {
+	    strncmp(ae->name, &dot1[1], 2) == 0 ||
+	    strncmp(ae->name, &dot2[1], 3) == 0 ||
+	    strstr(ae->name, dot1) || strstr(ae->name, dot2)) {
 		apk_warning(PKG_VER_FMT": ignoring malicious file %s",
 			    PKG_VER_PRINTF(pkg), ae->name);
 		ipkg->broken_files = 1;
diff --git a/src/io_gunzip.c b/src/io_gunzip.c
index 41dc5e7..6faf74f 100644
--- a/src/io_gunzip.c
+++ b/src/io_gunzip.c
@@ -37,6 +37,7 @@ static int gzi_boundary_change(struct apk_gzip_istream *gis)
 {
 	int r;
 
+	if (!gis->cb) return 0;
 	r = gis->cb(gis->cbctx, gis->is.err ? APK_MPART_END : APK_MPART_BOUNDARY, gis->cbarg);
 	if (r > 0) r = -ECANCELED;
 	if (r != 0) gis->is.err = r;
diff --git a/src/package.c b/src/package.c
index 5db77ec..6e7a062 100644
--- a/src/package.c
+++ b/src/package.c
@@ -488,7 +488,7 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
 		ctx->md = EVP_sha1();
 		break;
 	default:
-		action = APK_SIGN_NONE;
+		ctx->action = APK_SIGN_NONE;
 		ctx->md = EVP_md_null();
 		ctx->control_started = 1;
 		ctx->data_started = 1;