diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c
index d9a51201..738239a6 100644
--- a/src/fe-common/core/formats.c
+++ b/src/fe-common/core/formats.c
@@ -68,7 +68,7 @@ static void format_expand_code(const char **format, GString *out, int *flags)
 
 	if (flags == NULL) {
 		/* flags are being ignored - skip the code */
-		while (**format != ']')
+		while (**format != ']' && **format != '\0')
 			(*format)++;
 		return;
 	}
@@ -246,6 +246,10 @@ int format_expand_styles(GString *out, const char **format, int *flags)
 	case '[':
 		/* code */
 		format_expand_code(format, out, flags);
+		if ((*format)[0] == '\0')
+			/* oops, reached end prematurely */
+			(*format)--;
+
 		break;
 	case 'x':
 	case 'X':
@@ -972,6 +976,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
 			str++;
 			for (num2 = 0; i_isdigit(*str); str++)
 				num2 = num2*10 + (*str-'0');
+			if (*str == '\0') return start;
 
 			switch (num2) {
 			case 2:
@@ -989,6 +994,8 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
 					for (; i_isdigit(*str); str++)
 						num2 = (num2&~0xff) |
 							(((num2&0xff) * 10 + (*str-'0'))&0xff);
+
+					if (*str == '\0') return start;
 				}
 
 				if (i == -1) break;
@@ -1017,6 +1024,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
 				str++;
 				for (num2 = 0; i_isdigit(*str); str++)
 					num2 = num2*10 + (*str-'0');
+				if (*str == '\0') return start;
 
 				if (num == 38) {
 					flags &= ~GUI_PRINT_FLAG_COLOR_24_FG;
diff --git a/src/fe-text/term-terminfo.c b/src/fe-text/term-terminfo.c
index 27be904e..8fac76b3 100644
--- a/src/fe-text/term-terminfo.c
+++ b/src/fe-text/term-terminfo.c
@@ -539,9 +539,16 @@ int term_addstr(TERM_WINDOW *window, const char *str)
 
 	if (term_type == TERM_TYPE_UTF8) {
 		while (*ptr != '\0') {
-			tmp = g_utf8_get_char(ptr);
-			len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1;
-			ptr = g_utf8_next_char(ptr);
+			tmp = g_utf8_get_char_validated(ptr, -1);
+			/* On utf8 error, treat as single byte and try to
+			   continue interpretting rest of string as utf8 */
+			if (tmp == (gunichar)-1 || tmp == (gunichar)-2) {
+				len++;
+				ptr++;
+			} else {
+				len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1;
+				ptr = g_utf8_next_char(ptr);
+			}
 		}
 	} else
 		len = raw_len;
diff --git a/src/irc/core/irc-nicklist.c b/src/irc/core/irc-nicklist.c
index bcb9d1f6..f049fe79 100644
--- a/src/irc/core/irc-nicklist.c
+++ b/src/irc/core/irc-nicklist.c
@@ -314,7 +314,11 @@ static void event_whois_ircop(SERVER_REC *server, const char *data)
 static void event_nick_invalid(IRC_SERVER_REC *server, const char *data)
 {
 	if (!server->connected)
-		server_disconnect((SERVER_REC *) server);
+		/* we used to call server_disconnect but that crashes
+		   irssi because of undefined memory access. instead,
+		   indicate that the connection should be dropped and
+		   let the irc method to the clean-up. */
+		server->connection_lost = server->no_reconnect = TRUE;
 }
 
 static void event_nick_in_use(IRC_SERVER_REC *server, const char *data)
diff --git a/src/irc/core/irc-queries.c b/src/irc/core/irc-queries.c
index 12861744..77a5289d 100644
--- a/src/irc/core/irc-queries.c
+++ b/src/irc/core/irc-queries.c
@@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC *server, const char *nick)
 {
 	GSList *tmp;
 
+	g_return_val_if_fail(nick != NULL, NULL);
+
 	for (tmp = server->queries; tmp != NULL; tmp = tmp->next) {
 		QUERY_REC *rec = tmp->data;