diff --git a/qtfs/qtfs/miss.c b/qtfs/qtfs/miss.c
index e05d3489f1a15f22b43c7dae713b3697c87d3394..65c8f4ec2976ab2265233f03c48943c8ff96b672 100644
--- a/qtfs/qtfs/miss.c
+++ b/qtfs/qtfs/miss.c
@@ -30,6 +30,10 @@ static int miss_open(struct qtreq *miss)
 struct qtreq_close *req;
 struct qtrsp_close *rsp;
 struct qtfs_conn_var_s *pvar = NULL;
+ if (missrsp == NULL) {
+ qtfs_err("input response is NULL.");
+ return QTFS_ERR;
+ }
 if (missrsp->ret == QTFS_ERR)
 return QTFS_OK; // no need to close
@@ -42,12 +46,11 @@ static int miss_open(struct qtreq *miss)
 req->fd = missrsp->fd;
 qtfs_err("miss open proc fd:%d.", req->fd);
 rsp = qtfs_remote_run(pvar, QTFS_REQ_CLOSE, sizeof(struct qtreq_close));
+ qtfs_conn_put_param(pvar);
 if (IS_ERR_OR_NULL(rsp)) {
- qtfs_conn_put_param(pvar);
 return QTFS_ERR;
 }
- qtfs_conn_put_param(pvar);
 return QTFS_OK;
 }
diff --git a/qtfs/qtfs/proc.c b/qtfs/qtfs/proc.c
index 1667ada34ef1eee42be7be9d59d031e9938eb06d..e56bd8c878b0b76d7b59c58eb690825c1dcc488d 100644
--- a/qtfs/qtfs/proc.c
+++ b/qtfs/qtfs/proc.c
@@ -163,6 +163,7 @@ struct dentry *qtfs_proc_lookup(struct inode *parent_inode, struct dentry *child
 path_put(&spath);
 kfree(tmp);
+ tmp = NULL;
 inode = qtfs_iget(parent_inode->i_sb, &ii);
 if (inode == NULL) {
 qtfs_err("%s: failed to get inode for %s", __func__, cpath);
diff --git a/qtfs/qtfs/sb.c b/qtfs/qtfs/sb.c
index 33f48a2bdfb1ee7f5b7cf9a8dca6f7d7d2e732af..ec944580b0bd5326a07c89b461002a72af5a9522 100644
--- a/qtfs/qtfs/sb.c
+++ b/qtfs/qtfs/sb.c
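Review bot: In miss_open (qtfs/qtfs/miss.c, first hunk) the added `if (missrsp == NULL)` guard only helps if `missrsp` can actually be NULL; its initialiser sits above the hunk and is not visible here. If it is derived from `miss->data` (an address inside the request rather than a stored pointer), the check can never fire and the pointer that needs validating is `miss` itself, e.g. `if (miss == NULL)` before `missrsp` is used. The message would also be easier to trace with the function name, as the context line in the proc.c hunk does: `qtfs_err("%s: input response is NULL.", __func__);`.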
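Review bot: After the move in miss_open's second hunk (qtfs/qtfs/miss.c), `rsp` is tested with `IS_ERR_OR_NULL(rsp)` only once `qtfs_conn_put_param(pvar)` has released the connection, and nothing in the code says why that is safe. Testing the pointer value is fine, but if `rsp` points into buffers owned by `pvar` (likely, though not shown here) any dereference added later would read memory another request may already be reusing. A comment above the put would pin that down: `/* rsp is only checked for error below; do not dereference it after the put */`. The start of the function is outside the hunk.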
@@ -336,10 +336,10 @@ ssize_t qtfs_readiter(struct kiocb *kio, struct iov_iter *iov)
 qtfs_conn_put_param(pvar);
 return QTFS_PTR_ERR(rsp);
 }
- if (rsp->d.ret == QTFS_ERR || rsp->d.len <= 0) {
+ if (rsp->d.ret == QTFS_ERR || rsp->d.len <= 0 || rsp->d.len > leftlen) {
 if (rsp->d.len != 0)
 qtfs_info("qtfs readiter error: %ld.", rsp->d.len);
- ret = (ssize_t)rsp->d.len;
+ ret = (rsp->d.len > leftlen) ? leftlen : (ssize_t)rsp->d.len;
 qtfs_conn_put_param(pvar);
 return (ret > 0) ? allcnt - leftlen + ret : allcnt - leftlen;
 }
@@ -570,8 +570,8 @@ long qtfs_do_ioctl(struct file *filp, unsigned int cmd, unsigned long arg, unsig
 return -EINVAL;
 }
- WARN_ON(size >= MAX_PATH_LEN);
 if (size >= MAX_PATH_LEN) {
+ WARN_ON(1);
 qtfs_conn_put_param(pvar);
 return -EINVAL;
 }
diff --git a/qtfs/qtfs_common/conn.c b/qtfs/qtfs_common/conn.c
index 6042307acdd72e9fa1ed57caab7d9e7c45aeb083..5fd717f9562ecd11f08a35693149efac46e78c79 100644
--- a/qtfs/qtfs_common/conn.c
+++ b/qtfs/qtfs_common/conn.c
@@ -318,10 +318,6 @@ void qtfs_conn_msg_clear(struct qtfs_conn_var_s *pvar)
 void *qtfs_conn_msg_buf(struct qtfs_conn_var_s *pvar, int dir)
 {
 struct qtreq *req = (dir == QTFS_SEND) ? pvar->vec_send.iov_base : pvar->vec_recv.iov_base;
- if (!req) {
- WARN_ON(1);
- return NULL;
- }
 return req->data;
 }
diff --git a/qtfs/qtfs_common/socket.c b/qtfs/qtfs_common/socket.c
index 1d558a07f6bf34ab7be55d7f67ed77f762430820..c7d01b76b7c9df6b93d82c0b9773270f8d396a30 100644
--- a/qtfs/qtfs_common/socket.c
+++ b/qtfs/qtfs_common/socket.c
@@ -223,6 +223,12 @@ static int qtfs_conn_sock_client_connect(struct qtfs_conn_var_s *pvar)
 struct socket *sock = pvar->conn_var.sock_var.client_sock;
 int ret;
 struct sockaddr_in saddr;
+
+ if (!sock) {
+ qtfs_err("Invalid client sock, which is null\n");
+ return -EINVAL;
+ }
+
 saddr.sin_family = AF_INET;
 saddr.sin_port = htons(pvar->conn_var.sock_var.port);
 saddr.sin_addr.s_addr = in_aton(pvar->conn_var.sock_var.addr);
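Review bot: In qtfs_readiter (qtfs/qtfs/sb.c) the new `rsp->d.len > leftlen` case sets `ret = leftlen`, so the function returns `allcnt` and reports the whole remainder as read although this branch copies nothing into `iov` (no copy is visible between the check and the return; the rest of the function is outside the hunk). A length larger than what was requested is a malformed reply from the peer, so it is safer not to count it: `ret = (rsp->d.len > leftlen) ? 0 : (ssize_t)rsp->d.len;`, or return an error such as `-EIO` when nothing has been copied yet. If `leftlen` is unsigned, the comparison is only correct because `rsp->d.len <= 0` is tested first; a short comment saying so would keep the order from being changed later.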
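Review bot: `WARN_ON(1)` in qtfs_do_ioctl (qtfs/qtfs/sb.c) now fires only on the rejected path, but if `size` comes from the ioctl argument (its origin is above the hunk) the warning can be triggered by any caller of the ioctl. Each hit writes a stack trace to the kernel log, and a system running with `panic_on_warn` would go down on a bad argument. An ordinary error log before `return -EINVAL;`, for example `qtfs_err("%s: path length exceeds MAX_PATH_LEN", __func__);`, reports the same condition without that side effect.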
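Review bot: With the `if (!req)` guard removed, qtfs_conn_msg_buf (qtfs/qtfs_common/conn.c) returns `req->data` even when `iov_base` is NULL, and if `data` is an array member the result is a small non-NULL address rather than NULL, so callers that test the return value would not notice. Nothing in this hunk shows that `vec_send.iov_base` and `vec_recv.iov_base` are always set before the call. Either keep `if (!req) return NULL;` without the WARN, or state the invariant in a comment above the function once it is confirmed, for example `/* iov_base of both vectors is set at connection init and stays valid while pvar is held */`.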
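Review bot: The message added in qtfs_conn_sock_client_connect (qtfs/qtfs_common/socket.c) ends in `\n`, while the `qtfs_err` calls in the miss.c and proc.c hunks do not, so depending on how `qtfs_err` is defined either this one prints an extra blank line or the others run together. `qtfs_err("%s: client sock is NULL", __func__);` would match the form used in the proc.c context line. The rest of the function is outside the hunk.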