diff -up diffutils-3.6/lib/quotearg.c.covscan diffutils-3.6/lib/quotearg.c
--- diffutils-3.6/lib/quotearg.c.covscan 2017-05-20 02:14:05.000000000 +0200
+++ diffutils-3.6/lib/quotearg.c 2018-08-13 14:20:54.934196535 +0200
@@ -886,8 +886,9 @@ quotearg_n_options (int n, char const *a
 if (nslots <= n)
 {
 bool preallocated = (sv == &slotvec0);
-
- if (MIN (INT_MAX, MIN (PTRDIFF_MAX, SIZE_MAX) / sizeof *sv) <= n)
+ int nmax = MIN (INT_MAX, MIN (PTRDIFF_MAX, SIZE_MAX) / sizeof *sv) - 1;
+
+ if (nmax < n)
 xalloc_die ();
 
 slotvec = sv = xrealloc (preallocated ? NULL : sv, (n + 1) * sizeof *sv);
diff -up diffutils-3.6/src/diff.h.covscan diffutils-3.6/src/diff.h
--- diffutils-3.6/src/diff.h.covscan 2018-08-13 14:20:54.931196520 +0200
+++ diffutils-3.6/src/diff.h 2018-08-13 14:20:54.935196541 +0200
@@ -392,7 +392,7 @@ extern void print_sdiff_script (struct c
 extern char const change_letter[4];
 extern char const pr_program[];
 extern char *concat (char const *, char const *, char const *);
-extern bool (*lines_differ) (char const *, size_t, char const *, size_t) _GL_ATTRIBUTE_PURE;
+extern bool (*lines_differ) (char const *, size_t, char const *, size_t);
 extern bool lines_differ_singlebyte (char const *, size_t, char const *, size_t) _GL_ATTRIBUTE_PURE;
 #ifdef HANDLE_MULTIBYTE
 extern bool lines_differ_multibyte (char const *, size_t, char const *, size_t) _GL_ATTRIBUTE_PURE;
diff -up diffutils-3.6/src/ifdef.c.covscan diffutils-3.6/src/ifdef.c
--- diffutils-3.6/src/ifdef.c.covscan 2017-05-18 19:39:59.000000000 +0200
+++ diffutils-3.6/src/ifdef.c 2018-08-13 14:20:54.935196541 +0200
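Review bot: In the lib/quotearg.c hunk (quotearg_n_options), the limit is now held in an `int` and tested as `nmax < n` in signed arithmetic, while the old test compared `n` against an expression that divides by `sizeof *sv` and was therefore presumably evaluated in an unsigned type. A negative `n` would previously have ended in `xalloc_die ()` and now would pass this check. The enclosing `if (nslots <= n)` and the code before the hunk presumably keep `n` non-negative, but the function starts outside the hunk, so that should be confirmed. The narrowing to `int` is safe only because the outer `MIN` caps the value at `INT_MAX`; I would record that next to the declaration, e.g. `/* nmax <= INT_MAX - 1, so n + 1 and (n + 1) * sizeof *sv below cannot overflow.  */`.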
@@ -362,20 +362,14 @@ do_printf_spec (FILE *out, char const *s
 printint print_value = value;
 size_t spec_prefix_len = f - spec - 2;
 size_t pI_len = sizeof pI - 1;
-#if 0
- char format[spec_prefix_len + pI_len + 2];
-#else
 char *format = xmalloc (spec_prefix_len + pI_len + 2);
-#endif
 char *p = format + spec_prefix_len + pI_len;
 memcpy (format, spec, spec_prefix_len);
 memcpy (format + spec_prefix_len, pI, pI_len);
 *p++ = c;
 *p = '\0';
 fprintf (out, format, print_value);
-#if ! HAVE_C_VARARRAYS
 free (format);
-#endif
 }
 }
 break;
diff -up diffutils-3.6/src/sdiff.c.covscan diffutils-3.6/src/sdiff.c
--- diffutils-3.6/src/sdiff.c.covscan 2018-08-13 14:41:13.969450849 +0200
+++ diffutils-3.6/src/sdiff.c 2018-08-13 14:44:07.877344103 +0200
@@ -230,8 +230,10 @@ cleanup (int signo __attribute__((unused
 if (0 < diffpid)
 kill (diffpid, SIGPIPE);
 #endif
- if (tmpname)
+ if (tmpname) {
 unlink (tmpname);
+ free (tmpname);
+ }
 }
 
 static void exiterr (void) __attribute__((noreturn));
@@ -685,6 +687,7 @@ main (int argc, char *argv[])
 if (tmpname)
 {
 unlink (tmpname);
+ free (tmpname);
 tmpname = 0;
 }
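Review bot: In the src/ifdef.c hunk (do_printf_spec), `fprintf (out, format, print_value)` receives a format string assembled at run time from `spec`, and nothing in the visible lines states what has already been checked about the `spec_prefix_len` bytes copied into it. With the buffer now always heap-allocated, the size `spec_prefix_len + pI_len + 2` also relies on `f - spec - 2` not wrapping, and `f` is set before the hunk starts. I would add a comment above the allocation recording the invariant, for example `/* spec[0 .. spec_prefix_len) holds only already-validated flags, width and precision; exactly one conversion character is appended.  */`, after confirming it against the parsing code outside this hunk.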
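Review bot: In the first src/sdiff.c hunk (cleanup), `tmpname` is freed but left pointing at the released memory, so a second call to `cleanup` would now pass a dangling pointer to `unlink` and free it twice, where before the patch a repeated call only repeated a harmless `unlink`. The second hunk in `main` already resets the pointer with `tmpname = 0;`, and the same line after `free (tmpname);` in `cleanup` would make the two paths consistent. The `signo` parameter suggests this function belongs to a signal path; if it can be entered from a handler itself, `free` is not async-signal-safe and the release is better left to process exit, but the callers are outside the hunk. The added `if (tmpname) {` also puts the brace on the `if` line, while the context in the `main` hunk puts it on its own line.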