diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index 47603e0..cb58cf0 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -63,10 +63,12 @@ static int read_binary_policy(policydb_t * p, char *file, char *progname)
 	if (fstat(fd, &sb) < 0) {
 		fprintf(stderr, "Can't stat '%s':  %s\n",
 			file, strerror(errno));
+		close(fd);
 		return -1;
 	}
 	map =
 	    mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE, fd, 0);
+	close(fd);
 	if (map == MAP_FAILED) {
 		fprintf(stderr, "Can't map '%s':  %s\n", file, strerror(errno));
 		return -1;
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 8fa3214..2c12447 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -2341,7 +2341,10 @@ int define_role_trans(int class_specified)
 			return -1;
 		}
 
-		ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE);
+		if (ebitmap_set_bit(&e_classes, cladatum->s.value - 1, TRUE)) {
+			yyerror("out of memory");
+			return -1;
+		}
 	}
 
 	id = (char *)queue_remove(id_queue);