diff --git a/src/desktop_exec.c b/src/desktop_exec.c
index 08d9b4f..1cbae04 100644
--- a/src/desktop_exec.c
+++ b/src/desktop_exec.c
@@ -18,7 +18,9 @@
 // returns NULL on any error
 // otherwise it returns the absolute path of the program that MUST BE FREED
 static char* NULLABLE search_path(const char* NNULLABLE for_binary) {
-  char* path = strdup(getenv("PATH"));
+  char* path_env = getenv("PATH");
+  if (!path_env) return NULL;
+  char* path = strdup(path_env);
   if (!path) return NULL;
 
   char* tok = strtok(path, ":");
@@ -42,6 +44,7 @@ static char* NULLABLE search_path(const char* NNULLABLE for_binary) {
     tok = strtok(NULL, ":");
   }
 
+  free(path);
   return NULL;
 }
 
diff --git a/src/launch_state.c b/src/launch_state.c
index ae16661..8fdefbf 100644
--- a/src/launch_state.c
+++ b/src/launch_state.c
@@ -22,6 +22,10 @@ int read_launch_state(struct LaunchState* NNULLABLE state) {
 
   size_t num = 0;
   if (getline(&state->username, &num, state_fd) < 0) goto fail;
+  // not sure I can actually prove it but ughh, getline < 0 will ensure there's
+  // something in the string and then I think strcspn is bounded to the final
+  // null byte, so it shouldn't go over
+  // NOLINTNEXTLINE(clang-analyzer-security.ArrayBound)
   state->username[strcspn(state->username, "\n")] = 0;
 
   num = 0;