fix bugs exposed by address sanitizer
Created by: germasch
In an unrelated PR, I had to use clang's address sanitizer, and when running the test suite, a whole bunch of other tests then failed. Fortunately, there were actually relatively few bugs underlying the many failures. I'd consider adding an address sanitizer to the list of automated builds/checks -- looks like you already have some ubsan, so should be similar.
All of these triggered in the existing test suite, and are shown to be gone by the existing test suites, so new tests are added.