diff --git a/_coverity.cmd b/_coverity.cmd
new file mode 100644
index 00000000..397c7f30
--- /dev/null
+++ b/_coverity.cmd
@@ -0,0 +1,17 @@
+@echo off
+set PWD=%~dp0
+rmdir cov-int /s /q
+del cov-int.zip >NUL 2>NUL
+mkdir cov-int
+cov-build --dir cov-int wdk_build.cmd
+rem *** zip script by Peter Mortensen - http://superuser.com/a/111266/286681
+echo Set objArgs = WScript.Arguments> zip.vbs
+echo InputFolder = objArgs(0)>> zip.vbs
+echo ZipFile = objArgs(1)>> zip.vbs
+echo CreateObject("Scripting.FileSystemObject").CreateTextFile(ZipFile, True).Write "PK" ^& Chr(5) ^& Chr(6) ^& String(18, vbNullChar)>> zip.vbs
+echo Set objShell = CreateObject("Shell.Application")>> zip.vbs
+echo Set source = objShell.NameSpace(InputFolder).Items>> zip.vbs
+echo objShell.NameSpace(ZipFile).CopyHere(source)>> zip.vbs
+echo wScript.Sleep 2000>> zip.vbs
+CScript zip.vbs %PWD%cov-int %PWD%cov-int.zip
+del zip.vbs
diff --git a/src/bled/data_extract_all.c b/src/bled/data_extract_all.c
index f7598aac..3961ebef 100644
--- a/src/bled/data_extract_all.c
+++ b/src/bled/data_extract_all.c
@@ -116,10 +116,10 @@ void FAST_FUNC data_extract_all(archive_handle_t *archive_handle)
 			/* rpm-style temp file name */
 			dst_name = xasprintf("%s;%x", dst_name, (int)getpid());
 #endif
-		dst_fd = xopen3(dst_name,
-			flags,
-			file_header->mode
-			);
+		dst_fd = open(dst_name, flags, file_header->mode);
+		if (dst_fd < 0) {
+			bb_perror_msg_and_die("can't open file %s", dst_name);
+		}
 		bb_copyfd_exact_size(archive_handle->src_fd, dst_fd, file_header->size);
 		close(dst_fd);
 #ifdef ARCHIVE_REPLACE_VIA_RENAME
diff --git a/src/bled/libbb.h b/src/bled/libbb.h
index 12cdf906..0b123eec 100644
--- a/src/bled/libbb.h
+++ b/src/bled/libbb.h
@@ -173,6 +173,15 @@ static inline pid_t wait(int* status) { *status = 4; return -1; }
 extern uint64_t bb_total_rb;
 static inline int full_read(int fd, void *buf, size_t count) {
 	int rb;
+
+	if (fd < 0) {
+		errno = EBADF;
+		return -1;
+	}
+	if (buf == NULL) {
+		errno = EFAULT;
+		return -1;
+	}
 	if ((bled_cancel_request != NULL) && (*bled_cancel_request != 0)) {
 		errno = EINTR;
 		return -1;
@@ -198,7 +207,6 @@ static inline struct tm *localtime_r(const time_t *timep, struct tm *result) {
 #define xmalloc malloc
 #define xzalloc(x) calloc(x, 1)
 #define malloc_or_warn malloc
-#define xopen3 open
 #define mkdir(x, y) _mkdirU(x)
 
 #if defined(_MSC_VER)
diff --git a/src/drive.c b/src/drive.c
index 029be940..57e2512d 100644
--- a/src/drive.c
+++ b/src/drive.c
@@ -1027,7 +1027,7 @@ BOOL CreatePartition(HANDLE hDrive, int partition_style, int file_system, BOOL m
 	BOOL r;
 	DWORD i, size, bufsize, pn = 0;
 	LONGLONG main_part_size_in_sectors, extra_part_size_in_tracks = 0, ms_efi_size;
-	const LONGLONG bytes_per_track = SelectedDrive.Geometry.SectorsPerTrack * SelectedDrive.Geometry.BytesPerSector;
+	const LONGLONG bytes_per_track = ((LONGLONG)SelectedDrive.Geometry.SectorsPerTrack) * SelectedDrive.Geometry.BytesPerSector;
 
 	PrintInfoDebug(0, MSG_238, PartitionTypeName[partition_style]);
 
@@ -1052,6 +1052,7 @@ BOOL CreatePartition(HANDLE hDrive, int partition_style, int file_system, BOOL m
 		DriveLayoutEx.PartitionEntry[pn].PartitionLength.QuadPart = 128*1024*1024;
 		DriveLayoutEx.PartitionEntry[pn].Gpt.PartitionType = PARTITION_MSFT_RESERVED_GUID;
 		IGNORE_RETVAL(CoCreateGuid(&DriveLayoutEx.PartitionEntry[pn].Gpt.PartitionId));
+		// coverity[strcpy_overrun]
 		wcscpy(DriveLayoutEx.PartitionEntry[pn].Gpt.Name, L"Microsoft reserved partition");
 
 		// We must zero the beginning of this partition, else we get FAT leftovers and stuff
diff --git a/src/rufus.rc b/src/rufus.rc
index 992729c7..4755ea62 100644
--- a/src/rufus.rc
+++ b/src/rufus.rc
@@ -32,7 +32,7 @@ LANGUAGE LANG_NEUTRAL, SUBLANG_NEUTRAL
 
 IDD_DIALOG DIALOGEX 12, 12, 242, 376
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
-CAPTION "Rufus 2.0.620"
+CAPTION "Rufus 2.0.621"
 FONT 8, "Segoe UI", 400, 0, 0x1
 BEGIN
     DEFPUSHBUTTON   "Start",IDC_START,127,339,50,14
@@ -157,7 +157,7 @@ END
 
 IDD_DIALOG_XP DIALOGEX 12, 12, 242, 376
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
-CAPTION "Rufus 2.0.620"
+CAPTION "Rufus 2.0.621"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
     DEFPUSHBUTTON   "Start",IDC_START,127,339,50,14
@@ -283,7 +283,7 @@ END
 IDD_DIALOG_RTL DIALOGEX 12, 12, 242, 376
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_RTLREADING | WS_EX_APPWINDOW | WS_EX_LAYOUTRTL
-CAPTION "Rufus 2.0.620"
+CAPTION "Rufus 2.0.621"
 FONT 8, "Segoe UI", 400, 0, 0x1
 BEGIN
     DEFPUSHBUTTON   "Start",IDC_START,127,339,50,14
@@ -415,7 +415,7 @@ END
 IDD_DIALOG_RTL_XP DIALOGEX 12, 12, 242, 376
 STYLE DS_SETFONT | DS_MODALFRAME | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
 EXSTYLE WS_EX_RTLREADING | WS_EX_APPWINDOW | WS_EX_LAYOUTRTL
-CAPTION "Rufus 2.0.620"
+CAPTION "Rufus 2.0.621"
 FONT 8, "MS Shell Dlg", 400, 0, 0x1
 BEGIN
     DEFPUSHBUTTON   "Start",IDC_START,127,339,50,14
@@ -671,8 +671,8 @@ END
 //
 
 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 2,0,620,0
- PRODUCTVERSION 2,0,620,0
+ FILEVERSION 2,0,621,0
+ PRODUCTVERSION 2,0,621,0
  FILEFLAGSMASK 0x3fL
 #ifdef _DEBUG
  FILEFLAGS 0x1L
@@ -689,13 +689,13 @@ BEGIN
         BEGIN
             VALUE "CompanyName", "Akeo Consulting (http://akeo.ie)"
             VALUE "FileDescription", "Rufus"
-            VALUE "FileVersion", "2.0.620"
+            VALUE "FileVersion", "2.0.621"
             VALUE "InternalName", "Rufus"
             VALUE "LegalCopyright", "© 2011-2015 Pete Batard (GPL v3)"
             VALUE "LegalTrademarks", "http://www.gnu.org/copyleft/gpl.html"
             VALUE "OriginalFilename", "rufus.exe"
             VALUE "ProductName", "Rufus"
-            VALUE "ProductVersion", "2.0.620"
+            VALUE "ProductVersion", "2.0.621"
         END
     END
     BLOCK "VarFileInfo"
diff --git a/src/stdfn.c b/src/stdfn.c
index 88de4693..19d1c03d 100644
--- a/src/stdfn.c
+++ b/src/stdfn.c
@@ -569,11 +569,13 @@ DWORD RunCommand(const char* cmd, const char* dir, BOOL log)
 
 	if (log) {
 		while (1) {
+			// coverity[string_null]
 			if (PeekNamedPipe(hOutputRead, output, sizeof(output)-1, &dwRead, &dwAvail, &dwMsg)) {
 				// Don't care about possible multiple reads being needed
 				if ((dwAvail != 0) && (ReadFile(hOutputRead, output, dwAvail, &dwRead, NULL)) && (dwRead != 0)) {
 					// This seems to be needed. Won't overflow since we set our max sizes to sizeof(output)-1
 					output[dwAvail] = 0;
+					// coverity[tainted_string]
 					uprintf(output);
 				}
 			}
@@ -745,7 +747,6 @@ DWORD WINAPI SetLGPThread(LPVOID param)
 
 error:
 	if (path_key != NULL) RegCloseKey(path_key);
-	if (policy_key != NULL) RegCloseKey(policy_key);
 	if (pLGPO != NULL) pLGPO->lpVtbl->Release(pLGPO);
 	return FALSE;
 }