diff --git a/src/agent.c b/src/agent.c
index fc2e12c82ee3a52598049878651726b45dbe2b35..b9fe375ab2939d91651c368beec73bf60080c543 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -4899,6 +4899,7 @@ static void parse_ap_stats(struct ubus_request *req, int type,
 	int bss_index;
 	struct wifi_radio_element *radio;
 	struct wifi_bss_element *bss;
+	struct wifi_bss_element *bsslist;
 	struct netif_fh *fh = (struct netif_fh *)req->priv;
 	struct blob_attr *tb[6];
 	static const struct blobmsg_policy ap_stats_attr[6] = {
@@ -4915,10 +4916,13 @@ static void parse_ap_stats(struct ubus_request *req, int type,
 	if (!radio)
 		return;
 
-	radio->num_bss++;
-	radio->bsslist = (struct wifi_bss_element *)realloc(radio->bsslist,
-			radio->num_bss * sizeof(struct wifi_bss_element));
-	if (!radio->bsslist)
+	bsslist = (struct wifi_bss_element *)realloc(radio->bsslist,
+			(radio->num_bss + 1) * sizeof(struct wifi_bss_element));
+
+	if (bsslist) {
+		radio->bsslist = bsslist;
+		radio->num_bss++;
+	} else
 		return;
 
 	bss_index = radio->num_bss - 1;
diff --git a/src/agent_cmdu.c b/src/agent_cmdu.c
index ae18d76ed425952d04a1354b7436c0d25ac21051..b4ddaf2b119a12c84741e7ad3e2ac9ac977ee264 100644
--- a/src/agent_cmdu.c
+++ b/src/agent_cmdu.c
@@ -1102,7 +1102,7 @@ struct cmdu_buff *agent_gen_topology_query(struct agent *a, uint8_t *origin)
 struct cmdu_buff *agent_gen_topology_response(struct agent *a, uint8_t *origin,
 	uint16_t mid)
 {
-	struct cmdu_buff *resp, *ext;
+	struct cmdu_buff *resp = NULL, *ext = NULL;
 	int ret;
 
 	/* query i1905d base CMDU */
@@ -1113,7 +1113,6 @@ struct cmdu_buff *agent_gen_topology_response(struct agent *a, uint8_t *origin,
 		return NULL;
 	}
 
-
 	ext = cmdu_realloc(resp, 2000);
 	if (!ext)
 		goto error;
diff --git a/src/agent_map.c b/src/agent_map.c
index c4a88899cc2d92e60297c0743fa8aa4c1f312520..65b85cbbd69ff6816c0c573b86771eb6e8ae8028 100644
--- a/src/agent_map.c
+++ b/src/agent_map.c
@@ -4249,6 +4249,7 @@ static int agent_monitor_checkadd_sta(struct agent *a,
 {
 	size_t el_size = sizeof(struct wifi_unassoc_sta_element);
 	int num_sta = radio->num_unassoc_sta;
+	struct wifi_unassoc_sta_element *unassoc_stalist;
 	int i;
 
 	trace("agent: %s: --->\n", __func__);
@@ -4269,20 +4270,18 @@ static int agent_monitor_checkadd_sta(struct agent *a,
 	agent_sent_request_monitor_add(a, fh, macaddr);
 
 	/* STA not on the list yet - add */
-	if (!num_sta)
-		radio->unassoc_stalist = calloc(1, el_size);
-	else
-		radio->unassoc_stalist = realloc(
-			radio->unassoc_stalist,
+	unassoc_stalist = realloc(radio->unassoc_stalist,
 			(num_sta + 1) * el_size);
 
-	if (!radio->unassoc_stalist) {
+	if (!unassoc_stalist) {
 		warn("[%s:%d] failed to (re)allocate unassoc_stalist\n",
 		     __func__, __LINE__);
 		return -1;
 	}
 
+	radio->unassoc_stalist = unassoc_stalist;
 	radio->num_unassoc_sta++;
+
 	memset(&radio->unassoc_stalist[num_sta],
 			0, sizeof(struct wifi_unassoc_sta_element));
 	memcpy(radio->unassoc_stalist[num_sta].macaddr, macaddr, 6);