diff --git a/ctaocrypt/src/rabbit.c b/ctaocrypt/src/rabbit.c
index dee504361..baa465eb7 100644
--- a/ctaocrypt/src/rabbit.c
+++ b/ctaocrypt/src/rabbit.c
@@ -249,25 +249,27 @@ static INLINE int DoProcess(Rabbit* ctx, byte* output, const byte* input,
     if (msglen) {
 
         word32 i;
-        byte   buffer[16];
+        word32 tmp[4];
+        byte*  buffer = (byte*)tmp;
+
+        XMEMSET(tmp, 0, sizeof(tmp));   /* help static analysis */
 
         /* Iterate the system */
         RABBIT_next_state(&(ctx->workCtx));
 
         /* Generate 16 bytes of pseudo-random data */
-        *(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^
+        tmp[0] = LITTLE32(ctx->workCtx.x[0] ^
                   (ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
-        *(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^ 
+        tmp[1] = LITTLE32(ctx->workCtx.x[2] ^ 
                   (ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
-        *(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^ 
+        tmp[2] = LITTLE32(ctx->workCtx.x[4] ^ 
                   (ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
-        *(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^ 
+        tmp[3] = LITTLE32(ctx->workCtx.x[6] ^ 
                   (ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));
 
         /* Encrypt/decrypt the data */
         for (i=0; i<msglen; i++)
-            output[i] = input[i] ^ buffer[i];  /* scan-build thinks buffer[i] */
-                                               /* is garbage, it is not! */ 
+            output[i] = input[i] ^ buffer[i];
     }
 
     return 0;
diff --git a/src/internal.c b/src/internal.c
index 24997aae9..07defa7c1 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -6914,7 +6914,7 @@ int SetCipherList(Suites* s, const char* list)
             if (ssl->options.haveSessionId && XMEMCMP(ssl->arrays->sessionID,
                                          ssl->session.sessionID, ID_LEN) == 0) {
                 if (SetCipherSpecs(ssl) == 0) {
-                    int ret; 
+                    int ret = -1; 
                     XMEMCPY(ssl->arrays->masterSecret,
                             ssl->session.masterSecret, SECRET_LEN);
                     #ifdef NO_OLD_TLS
@@ -9150,7 +9150,7 @@ int SetCipherList(Suites* s, const char* list)
         ssl->options.haveSessionId = 1;
         /* DoClientHello uses same resume code */
         if (ssl->options.resuming) {  /* let's try */
-            int ret; 
+            int ret = -1; 
             CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
             if (!session) {
                 CYASSL_MSG("Session lookup for resume failed");
@@ -9369,7 +9369,7 @@ int SetCipherList(Suites* s, const char* list)
         ssl->options.haveSessionId = 1;
         /* ProcessOld uses same resume code */
         if (ssl->options.resuming) {  /* let's try */
-            int ret;            
+            int ret = -1;            
             CYASSL_SESSION* session = GetSession(ssl,ssl->arrays->masterSecret);
             if (!session) {
                 CYASSL_MSG("Session lookup for resume failed");