diff --git a/admin/autoupdater/src/autoupdater.c b/admin/autoupdater/src/autoupdater.c
index 0c08f3a..177e5d7 100644
--- a/admin/autoupdater/src/autoupdater.c
+++ b/admin/autoupdater/src/autoupdater.c
@@ -144,7 +144,8 @@ static void parse_args(int argc, char *argv[], struct settings *settings) {
 
 	if (optind < argc) {
 		settings->n_mirrors = argc - optind;
-		settings->mirrors = malloc(settings->n_mirrors * sizeof(char *));
+		settings->mirrors = safe_malloc(settings->n_mirrors * sizeof(char *));
+
 		for (int i = optind; i < argc; i++) {
 			settings->mirrors[i - optind] = argv[i];
 		}
diff --git a/admin/autoupdater/src/manifest.c b/admin/autoupdater/src/manifest.c
index 0c51c24..fae3343 100644
--- a/admin/autoupdater/src/manifest.c
+++ b/admin/autoupdater/src/manifest.c
@@ -23,9 +23,9 @@
   OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
 
-
 #include "hexutil.h"
 #include "manifest.h"
+#include "util.h"
 
 #include <errno.h>
 #include <limits.h>
@@ -80,14 +80,15 @@ static bool parse_rfc3339(const char *input, time_t *date) {
 
 void parse_line(char *line, struct manifest *m, const char *branch, const char *image_name) {
 	if (m->sep_found) {
-		ecdsa_signature_t *sig = malloc(sizeof(ecdsa_signature_t));
+		ecdsa_signature_t *sig = safe_malloc(sizeof(ecdsa_signature_t));
+
 		if (!parsehex(sig, line, sizeof(*sig))) {
 			free(sig);
 			fprintf(stderr, "autoupdater: warning: garbage in signature area: %s\n", line);
 			return;
 		}
 		m->n_signatures++;
-		m->signatures = realloc(m->signatures, m->n_signatures * sizeof(ecdsa_signature_t *));
+		m->signatures = safe_realloc(m->signatures, m->n_signatures * sizeof(ecdsa_signature_t *));
 		m->signatures[m->n_signatures - 1] = sig;
 	} else if (strcmp(line, "---") == 0) {
 		m->sep_found = true;
diff --git a/admin/autoupdater/src/settings.c b/admin/autoupdater/src/settings.c
index 97a9dbd..fde03b8 100644
--- a/admin/autoupdater/src/settings.c
+++ b/admin/autoupdater/src/settings.c
@@ -27,6 +27,7 @@
 
 #include "settings.h"
 #include "hexutil.h"
+#include "util.h"
 
 #include <uci.h>
 
@@ -97,7 +98,7 @@ static const char ** load_string_list(struct uci_context *ctx, struct uci_sectio
 		i++;
 
 	*len = i;
-	const char **ret = malloc(i * sizeof(char *));
+	const char **ret = safe_malloc(i * sizeof(char *));
 
 	i = 0;
 	uci_foreach_element(&o->v.list, e)
@@ -159,7 +160,7 @@ void load_settings(struct settings *settings) {
 		settings->mirrors = load_string_list(ctx, branch, "mirror", &settings->n_mirrors);
 
 	const char **pubkeys_str = load_string_list(ctx, branch, "pubkey", &settings->n_pubkeys);
-	settings->pubkeys = malloc(settings->n_pubkeys * sizeof(ecc_25519_work_t));
+	settings->pubkeys = safe_malloc(settings->n_pubkeys * sizeof(ecc_25519_work_t));
 	size_t ignored_keys = 0;
 	for (size_t i = 0; i < settings->n_pubkeys; i++) {
 		ecc_int256_t pubkey_packed;