diff --git checkpolicy-2.8/module_compiler.c checkpolicy-2.8/module_compiler.c
index 155702f..ada7cb2 100644
--- checkpolicy-2.8/module_compiler.c
+++ checkpolicy-2.8/module_compiler.c
@@ -802,6 +802,7 @@ int require_class(int pass)
 	if ((datum = calloc(1, sizeof(*datum))) == NULL ||
 	    symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
 		yyerror("Out of memory!");
+		class_datum_destroy(datum);
 		return -1;
 	}
 	ret =
diff --git checkpolicy-2.8/policy_define.c checkpolicy-2.8/policy_define.c
index d8788a6..ece10e7 100644
--- checkpolicy-2.8/policy_define.c
+++ checkpolicy-2.8/policy_define.c
@@ -1107,6 +1107,11 @@ int define_level(void)
 			    (cat_datum_t *) hashtab_search(policydbp->p_cats.
 							   table,
 							   (hashtab_key_t) id);
+			if (!cdatum) {
+				yyerror2("unknown category %s", id);
+				free(id);
+				return -1;
+			}
 			range_start = range_end = cdatum->s.value - 1;
 		}