diff --git a/avstream/avscamera/DMFT/AvsCameraDMFT.cpp b/avstream/avscamera/DMFT/AvsCameraDMFT.cpp
index e12cff652..01f915be1 100644
--- a/avstream/avscamera/DMFT/AvsCameraDMFT.cpp
+++ b/avstream/avscamera/DMFT/AvsCameraDMFT.cpp
@@ -14,11 +14,20 @@ CMultipinMft::CMultipinMft()
 :   m_nRefCount( 0 ),
     m_InputPinCount( 0 ),
     m_OutputPinCount( 0 ),
-    m_dwWorkQueueId ( MFASYNC_CALLBACK_QUEUE_MULTITHREADED ),
-    m_lWorkQueuePriority ( 0 ),
-    m_spAttributes( nullptr ),
+    m_StreamingState( DeviceStreamState_Disabled ),
+    m_OutPins(),
+    m_InPins(),
+    m_critSec(),
+    m_spDeviceManagerUnk( nullptr ),
     m_spSourceTransform( nullptr ),
-    m_SymbolicLink(nullptr)
+    m_eShutdownStatus( MFSHUTDOWN_INITIATED ),
+    m_dwWorkQueueId( MFASYNC_CALLBACK_QUEUE_MULTITHREADED ),
+    m_lWorkQueuePriority( 0 ),
+    m_punValue( 0 ),
+    m_spIkscontrol( nullptr ),
+    m_spAttributes( nullptr ),
+    m_outputPinMap(),
+    m_SymbolicLink( nullptr )
 
 {
     HRESULT hr = S_OK;
@@ -189,7 +198,7 @@ IFACEMETHODIMP CMultipinMft::InitializeTransform (
         //
         // Create one on one mapping
         //
-        for (ULONG ulIndex = 0; ulIndex < m_InPins.size(); ulIndex++)
+        for (ULONG ulIndex = 0; ulIndex < (ULONG)(m_InPins.size()); ulIndex++)
         {
             
             ComPtr<CInPin> spInPin = (CInPin*)m_InPins[ulIndex].Get();
@@ -378,12 +387,16 @@ IFACEMETHODIMP  CMultipinMft::GetInputAvailableType(
     )
 {
     HRESULT hr = S_OK;
-        
+    
+    if (ppMediaType)
+    {
+        *ppMediaType = nullptr;
+    }
+
     ComPtr<CInPin> spiPin = GetInPin( dwInputStreamID );
     DMFTCHECKNULL_GOTO(ppMediaType, done, E_INVALIDARG);
     DMFTCHECKNULL_GOTO( spiPin, done, MF_E_INVALIDSTREAMNUMBER );
-    
-    *ppMediaType = nullptr;
+
 
     hr = spiPin->GetOutputAvailableType( dwTypeIndex,ppMediaType );
 
@@ -417,12 +430,15 @@ IFACEMETHODIMP CMultipinMft::GetOutputAvailableType(
     CAutoLock Lock(m_critSec);
 
     ComPtr<COutPin> spoPin = GetOutPin( dwOutputStreamID );
+    
+    if (ppMediaType)
+    {
+        *ppMediaType = nullptr;
+    }
 
     DMFTCHECKNULL_GOTO( spoPin.Get(), done, MF_E_INVALIDSTREAMNUMBER );
     DMFTCHECKNULL_GOTO(ppMediaType, done, E_INVALIDARG);
 
-    *ppMediaType = nullptr;
-
     hr = spoPin->GetOutputAvailableType( dwTypeIndex, ppMediaType );
 
     if ( FAILED( hr ) )
diff --git a/avstream/avscamera/DMFT/AvsCameraDMFT.h b/avstream/avscamera/DMFT/AvsCameraDMFT.h
index 27b8607b5..d5c26f5a1 100644
--- a/avstream/avscamera/DMFT/AvsCameraDMFT.h
+++ b/avstream/avscamera/DMFT/AvsCameraDMFT.h
@@ -226,11 +226,6 @@ class CMultipinMft :
 
     static HRESULT CreateInstance(
         REFIID iid, void **ppMFT);
- 
-    __inline BOOL isPhotoModePhotoSequence()
-    {
-        return m_PhotoModeIsPhotoSequence;
-    }
 
     __inline DWORD GetQueueId()
     {
@@ -305,11 +300,9 @@ class CMultipinMft :
 private:
     ULONG                        m_InputPinCount;
     ULONG                        m_OutputPinCount;
-    ULONG                        m_CustomPinCount;
     DeviceStreamState            m_StreamingState;
     CBasePinArray                m_OutPins;
     CBasePinArray                m_InPins;
-    BOOL                         m_PhotoModeIsPhotoSequence;  // used to store if the filter is in photo sequence or not
     long                         m_nRefCount;                 // Reference count
     CCritSec                     m_critSec;                   // Control lock.. taken only durign state change operations   
     ComPtr <IUnknown>            m_spDeviceManagerUnk;        // D3D Manager set, when MFT_MESSAGE_SET_D3D_MANAGER is called through ProcessMessage
diff --git a/avstream/avscamera/DMFT/AvsCameraDMFTutils.cpp b/avstream/avscamera/DMFT/AvsCameraDMFTutils.cpp
index 4a4c75fce..4359b1ec9 100644
--- a/avstream/avscamera/DMFT/AvsCameraDMFTutils.cpp
+++ b/avstream/avscamera/DMFT/AvsCameraDMFTutils.cpp
@@ -734,7 +734,9 @@ HRESULT ParseMetadata_FaceDetection(
     {
         return E_UNEXPECTED;
     }
-    PMETADATA_FACEDATA  pFaceData = (PMETADATA_FACEDATA)(pFaceHeader + 1);
+    PMETADATA_FACEDATA pFaceData = reinterpret_cast<PMETADATA_FACEDATA>(
+        reinterpret_cast<BYTE*>(pFaceHeader) + sizeof(CAMERA_METADATA_FACEHEADER));
+
     UINT32 cbRectSize = sizeof(FaceRectInfoBlobHeader) + (sizeof(FaceRectInfo) * (pFaceHeader->Count));
     BYTE* pRectBuf = new (std::nothrow) BYTE[cbRectSize];
     if (pRectBuf == NULL)
diff --git a/avstream/avscamera/DMFT/basepin.h b/avstream/avscamera/DMFT/basepin.h
index 8051188a4..5b20e25e6 100644
--- a/avstream/avscamera/DMFT/basepin.h
+++ b/avstream/avscamera/DMFT/basepin.h
@@ -90,11 +90,16 @@ class CBasePin:
       _Out_opt_ ULONG* pBytesReturned
       )
   {
-      UNREFERENCED_PARAMETER(pBytesReturned);
-      UNREFERENCED_PARAMETER(ulDataLength);
-      UNREFERENCED_PARAMETER(pMethodData);
       UNREFERENCED_PARAMETER(pMethod);
       UNREFERENCED_PARAMETER(ulMethodLength);
+      UNREFERENCED_PARAMETER(pMethodData);
+      UNREFERENCED_PARAMETER(ulDataLength);
+
+      // Ensure *pBytesReturned is initialized if provided
+      if (pBytesReturned != nullptr)
+      {
+          *pBytesReturned = 0;
+      }
       return S_OK;
   }
   
@@ -106,11 +111,16 @@ class CBasePin:
       _Out_opt_ ULONG* pBytesReturned
       )
   {
-      UNREFERENCED_PARAMETER(pBytesReturned);
-      UNREFERENCED_PARAMETER(ulDataLength);
-      UNREFERENCED_PARAMETER(pEventData);
       UNREFERENCED_PARAMETER(pEvent);
       UNREFERENCED_PARAMETER(ulEventLength);
+      UNREFERENCED_PARAMETER(pEventData);
+      UNREFERENCED_PARAMETER(ulDataLength);
+
+      // Ensure *pBytesReturned is initialized if provided
+      if (pBytesReturned != nullptr)
+      {
+          *pBytesReturned = 0;
+      }
       return S_OK;
   }
 
diff --git a/avstream/avscamera/sys/Capture.cpp b/avstream/avscamera/sys/Capture.cpp
index 730370e60..3694716b2 100644
--- a/avstream/avscamera/sys/Capture.cpp
+++ b/avstream/avscamera/sys/Capture.cpp
@@ -1462,7 +1462,7 @@ Return Value:
                     //
                     if( Pin->DeviceState == KSSTATE_STOP )
                     {
-                        if( !CapPin->CaptureBitmapInfoHeader( ) )
+                        if( !NT_SUCCESS(CapPin->CaptureBitmapInfoHeader( )) )
                         {
                             Status = STATUS_INSUFFICIENT_RESOURCES;
                         }
diff --git a/avstream/avscamera/sys/Device.cpp b/avstream/avscamera/sys/Device.cpp
index 38d4f555f..ec969554c 100644
--- a/avstream/avscamera/sys/Device.cpp
+++ b/avstream/avscamera/sys/Device.cpp
@@ -45,6 +45,8 @@ CCaptureDevice (
     , m_FilterDescriptorCount(0)
     , m_Sensor(nullptr)
     , m_Context(nullptr)
+	, m_DmaAdapterObject(nullptr)
+    , m_NumberOfMapRegisters(0)
 {
     PAGED_CODE();
 }
@@ -85,9 +87,10 @@ CCaptureDevice::
 GetFilterIndex(PKSFILTER Filter)
 {
     PAGED_CODE();
+
     ULONG i;
 
-    for( i=0; i<m_FilterDescriptorCount; i++ )
+    for( i=0; i<(ULONG)m_FilterDescriptorCount; i++ )
     {
         if( Filter->Descriptor->ReferenceGuid &&
             IsEqualGUID(*(m_Context[i].Descriptor->ReferenceGuid), *Filter->Descriptor->ReferenceGuid))
@@ -130,13 +133,19 @@ QueryForInterface(
     _In_ USHORT Size,
     _In_ USHORT Version,
     _In_opt_ PVOID InterfaceSpecificData
-    )
+)
 {
     PAGED_CODE();
 
     PIRP pIrp;
     NTSTATUS status;
 
+    // Ensure the output parameter is initialized to a known state.
+    if (Interface)
+    {
+        RtlZeroMemory(Interface, Size);
+    }
+
     if (TopOfStack == nullptr)
     {
         return STATUS_INVALID_PARAMETER;
@@ -181,7 +190,7 @@ QueryForInterface(
                 KernelMode,
                 FALSE, // Not alertable
                 NULL
-                );
+            );
 
             status = pIrp->IoStatus.Status;
         }
@@ -192,6 +201,12 @@ QueryForInterface(
         status = STATUS_INSUFFICIENT_RESOURCES;
     }
 
+    // If the call failed, ensure Interface is zeroed to avoid returning uninitialized memory.
+    if (!NT_SUCCESS(status) && Interface)
+    {
+        RtlZeroMemory(Interface, Size);
+    }
+
     return status;
 }
 
diff --git a/avstream/avscamera/sys/Device.h b/avstream/avscamera/sys/Device.h
index c203f70e0..8aec7cf4a 100644
--- a/avstream/avscamera/sys/Device.h
+++ b/avstream/avscamera/sys/Device.h
@@ -71,7 +71,7 @@ class CCaptureDevice
     //
 
     //  Number of Filter descriptors & filter factories.
-    size_t  m_FilterDescriptorCount;
+    ULONG  m_FilterDescriptorCount;
 
     //  Pointer to an array of filter descriptor pointers.
     //  Typically it's one sensor for each filter factory.
@@ -407,6 +407,7 @@ class CCaptureDevice
     static IO_COMPLETION_ROUTINE IrpSynchronousCompletion;
 
     virtual
+    _Must_inspect_result_
     NTSTATUS
     QueryForInterface(
         _In_ PDEVICE_OBJECT TopOfStack,
diff --git a/avstream/avscamera/sys/PreviewHwSim.cpp b/avstream/avscamera/sys/PreviewHwSim.cpp
index f55ffa202..66740572e 100644
--- a/avstream/avscamera/sys/PreviewHwSim.cpp
+++ b/avstream/avscamera/sys/PreviewHwSim.cpp
@@ -209,8 +209,8 @@ Return Value:
 
     if (0 != (pStreamHeader->OptionsFlags & KSSTREAM_HEADER_OPTIONSF_METADATA))
     {
-        PKS_FRAME_INFO          pFrameInfo = (PKS_FRAME_INFO)(pStreamHeader + 1);
-        PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO) (pFrameInfo + 1);
+        PKS_FRAME_INFO pFrameInfo = (PKS_FRAME_INFO)((PUCHAR)pStreamHeader + sizeof(KSSTREAM_HEADER));
+        PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO)((PUCHAR)pFrameInfo + sizeof(KS_FRAME_INFO));
         ULONG                   BytesLeft = pMetadata->BufferSize - pMetadata->UsedSize;
 
         if(m_PhotoConfirmationEntry.isRequired())
@@ -325,7 +325,7 @@ Return Value:
             }
             else if ((State.Flags & KSCAMERA_EXTENDEDPROP_IRTORCHMODE_ALTERNATING_FRAME_ILLUMINATION))
             {
-                m_Illuminated = !m_Illuminated;
+                m_Illuminated = ~m_Illuminated;
                 if (m_Illuminated)
                 {
                     pPreviewIllumination->Flags = KSCAMERA_METADATA_FRAMEILLUMINATION_FLAG_ON;
diff --git a/avstream/avscamera/sys/Roi.cpp b/avstream/avscamera/sys/Roi.cpp
index e11189963..b269b3328 100644
--- a/avstream/avscamera/sys/Roi.cpp
+++ b/avstream/avscamera/sys/Roi.cpp
@@ -143,7 +143,7 @@ Return Value:
 
     //  We assume the controls have been validated first.
     PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL pIspCtrl =
-        reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL> (this+1);
+        reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL>(reinterpret_cast<PBYTE>(this) + sizeof(CRoiProperty));
 
     //  Loop thru the controls.
     for( ULONG i=0; i<m_Hdr.ControlCount; i++ )
@@ -155,6 +155,11 @@ Return Value:
 
         //  Advance to the next control.
         pIspCtrl = NextCtrl( pIspCtrl );
+        if(pIspCtrl == nullptr)
+        {
+            NT_ASSERTMSG("NextCtrl( pCtrl ) returned 0!  Should never happen!", FALSE);
+            return nullptr;
+		}
     }
 
     return nullptr;
@@ -192,13 +197,18 @@ Return Value:
     {
         //  We assume the controls have been validated first.
         PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL pIspCtrl =
-            reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL> (this+1);
+            reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL>(reinterpret_cast<PBYTE>(this) + sizeof(CRoiProperty));
 
         //  Loop thru all the controls.
         for( ULONG i=0; i<m_Hdr.ControlCount; i++ )
         {
             //  Advance to the next control.
             pIspCtrl = NextCtrl( pIspCtrl );
+            if (pIspCtrl == nullptr)
+            {
+                NT_ASSERTMSG("NextCtrl( pCtrl ) returned 0!  Should never happen!", FALSE);
+                return nullptr;
+            }
         }
 
         ULONG SizeToCopy = ::GetSize(pCtrl);
@@ -277,14 +287,14 @@ Return Value:
     }
 
     PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL pIspCtrl =
-        reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL> (this+1);
+        reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL>(reinterpret_cast<BYTE*>(this) + sizeof(*this));
 
     //  Loop thru the controls.
     for( ULONG i=0; i<m_Hdr.ControlCount; i++ )
     {
         //  Make sure there is room to inspect this control
-        if( Size < ByteDiffPtrs( this, pIspCtrl+1 ) ||
-                m_Hdr.Size < ByteDiffPtrs( &m_Hdr, pIspCtrl+1 ) )
+        if( Size < ByteDiffPtrs( this, reinterpret_cast<PBYTE>(pIspCtrl) + sizeof(*pIspCtrl) ) ||
+                m_Hdr.Size < ByteDiffPtrs( &m_Hdr, reinterpret_cast<PBYTE>(pIspCtrl) + sizeof(*pIspCtrl) ) )
         {
             //NT_ASSERT(FALSE);
             DBG_TRACE( "Failed(1): Size=%d, should be at least %Iu", Size, ByteDiffPtrs( this, pIspCtrl+1 ) );
@@ -324,7 +334,7 @@ Return Value:
             //  Index into to the control's ROI list.  Get the equivilent of "pIspCtrl->RoiInfo[j]"
             PKSCAMERA_EXTENDEDPROP_ROI_INFO pRoiInfo =
                 reinterpret_cast<PKSCAMERA_EXTENDEDPROP_ROI_INFO>
-                (((PBYTE) (pIspCtrl+1)) + (j * GetSizeOfRoiInfo(pIspCtrl->ControlId) ));
+                ((reinterpret_cast<PBYTE>(pIspCtrl) + sizeof(*pIspCtrl)) + (j * GetSizeOfRoiInfo(pIspCtrl->ControlId) ));
 
             //  Validate the cooridinates
             if( pRoiInfo->Region.top    < (LONG) TO_Q31(0) ||
@@ -500,6 +510,11 @@ Log()
 
         //  Advance to the next control.
         pIspCtrl = reinterpret_cast<CRoiIspControl *>( NextCtrl( pIspCtrl ) ) ;
+        if (pIspCtrl == nullptr)
+        {
+            NT_ASSERTMSG("NextCtrl( pCtrl ) returned 0!  Should never happen!", FALSE);
+            return;
+        }
     }
 }
 
diff --git a/avstream/avscamera/sys/Roi.h b/avstream/avscamera/sys/Roi.h
index 5149bf24e..50dc03a52 100644
--- a/avstream/avscamera/sys/Roi.h
+++ b/avstream/avscamera/sys/Roi.h
@@ -208,18 +208,20 @@ class CRoiIspControl : public KSCAMERA_EXTENDEDPROP_ROI_ISPCONTROL
 class CWhiteBalanceRoiIspControl : public CRoiIspControl
 {
 private:
-    KSCAMERA_EXTENDEDPROP_ROI_WHITEBALANCE  ROI[MAX_ROI];
+    KSCAMERA_EXTENDEDPROP_ROI_WHITEBALANCE  ROI[MAX_ROI] = {};
 
 public:
     CWhiteBalanceRoiIspControl(
         _In_    CRoiProperty *pRoiProperty
     )
+        : ROI{}
     {
         Init( pRoiProperty, KSPROPERTY_CAMERACONTROL_EXTENDED_WHITEBALANCEMODE );
     }
 
     CWhiteBalanceRoiIspControl()
         : CRoiIspControl( KSPROPERTY_CAMERACONTROL_EXTENDED_WHITEBALANCEMODE )
+        , ROI{}
     {}
 
     ULONGLONG
@@ -232,18 +234,20 @@ class CWhiteBalanceRoiIspControl : public CRoiIspControl
 class CExposureRoiIspControl : public CRoiIspControl
 {
 private:
-    KSCAMERA_EXTENDEDPROP_ROI_EXPOSURE  ROI[MAX_ROI];
+    KSCAMERA_EXTENDEDPROP_ROI_EXPOSURE  ROI[MAX_ROI] = {};
 
 public:
     CExposureRoiIspControl(
         _In_    CRoiProperty *pRoiProperty
     )
+        : ROI{}
     {
         Init( pRoiProperty, KSPROPERTY_CAMERACONTROL_EXTENDED_EXPOSUREMODE );
     }
 
     CExposureRoiIspControl()
         : CRoiIspControl( KSPROPERTY_CAMERACONTROL_EXTENDED_EXPOSUREMODE )
+        , ROI{}
     {}
 
     ULONGLONG
@@ -256,18 +260,20 @@ class CExposureRoiIspControl : public CRoiIspControl
 class CFocusRoiIspControl : public CRoiIspControl
 {
 private:
-    KSCAMERA_EXTENDEDPROP_ROI_FOCUS  ROI[MAX_ROI];
+    KSCAMERA_EXTENDEDPROP_ROI_FOCUS ROI[MAX_ROI] = {};
 
 public:
     CFocusRoiIspControl(
         _In_    CRoiProperty *pRoiProperty
     )
+        : ROI{}
     {
         Init( pRoiProperty, KSPROPERTY_CAMERACONTROL_EXTENDED_FOCUSMODE );
     }
 
     CFocusRoiIspControl()
         : CRoiIspControl( KSPROPERTY_CAMERACONTROL_EXTENDED_EXPOSUREMODE )
+        , ROI{}
     {}
 
     ULONGLONG
diff --git a/avstream/avscamera/sys/Synthesizer.h b/avstream/avscamera/sys/Synthesizer.h
index 7281ff809..94506b1df 100644
--- a/avstream/avscamera/sys/Synthesizer.h
+++ b/avstream/avscamera/sys/Synthesizer.h
@@ -231,6 +231,8 @@ class CSynthesizer :
         , m_CommitCount(0)
         , m_CommitTime(0)
         , m_Rotation(AcpiPldRotation0)
+        , m_Colors(nullptr)
+        , m_StartTime(0)
     {
         m_Length = Height * m_SynthesisStride;
         KeQueryPerformanceCounter(&m_Frequency).QuadPart;
diff --git a/avstream/avscamera/sys/VideoHwSim.cpp b/avstream/avscamera/sys/VideoHwSim.cpp
index 839af5305..64d140955 100644
--- a/avstream/avscamera/sys/VideoHwSim.cpp
+++ b/avstream/avscamera/sys/VideoHwSim.cpp
@@ -51,8 +51,12 @@ EmitMetadata(
 
     if (0 != (pStreamHeader->OptionsFlags & KSSTREAM_HEADER_OPTIONSF_METADATA))
     {
-        PKS_FRAME_INFO          pFrameInfo = (PKS_FRAME_INFO)(pStreamHeader + 1);
-        PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO)(pFrameInfo + 1);
+        PKS_FRAME_INFO pFrameInfo = reinterpret_cast<PKS_FRAME_INFO>(
+            reinterpret_cast<PUCHAR>(pStreamHeader) + sizeof(KSSTREAM_HEADER)
+        );
+        PKSSTREAM_METADATA_INFO pMetadata = reinterpret_cast<PKSSTREAM_METADATA_INFO>(
+            reinterpret_cast<PUCHAR>(pFrameInfo) + sizeof(KS_FRAME_INFO)
+        );
         ULONG                   BytesLeft = pMetadata->BufferSize - pMetadata->UsedSize;
 
         //  TODO: This metadata should only be exposed on a sensor category preview pin.
@@ -80,7 +84,7 @@ EmitMetadata(
             }
             else if ((State.Flags & KSCAMERA_EXTENDEDPROP_IRTORCHMODE_ALTERNATING_FRAME_ILLUMINATION))
             {
-                m_Illuminated = !m_Illuminated;
+                m_Illuminated = ~m_Illuminated;
                 if (m_Illuminated)
                 {
                     pPreviewIllumination->Flags = KSCAMERA_METADATA_FRAMEILLUMINATION_FLAG_ON;
diff --git a/avstream/avscamera/sys/filter.cpp b/avstream/avscamera/sys/filter.cpp
index dfb6ce1fc..93fa1de3f 100644
--- a/avstream/avscamera/sys/filter.cpp
+++ b/avstream/avscamera/sys/filter.cpp
@@ -65,6 +65,7 @@ Return Value:
     m_pPerFrameSettings(nullptr),
     m_pinArray(nullptr),
     m_pMinimumRequestedFrames(nullptr),
+    m_PFSSize(0), // <-- Fix: Initialize m_PFSSize to 0
     m_PhotoModeNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_PHOTOMODE ),
     m_PhotoMaxFrameRateNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_PHOTOMAXFRAMERATE) ,
     m_FocusNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_FOCUSMODE ),
@@ -78,9 +79,9 @@ Return Value:
     m_ThumbnailNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_PHOTOTHUMBNAIL ),
     m_WarmStartNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_WARMSTART ),
     m_RoiNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_ROI_ISPCONTROL ),
-    m_ProfileNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_PROFILE )
+    m_ProfileNotifier( Filter, &KSEVENTSETID_ExtendedCameraControl, KSPROPERTY_CAMERACONTROL_EXTENDED_PROFILE ),
+    m_Sensor(nullptr)
 {
-
     PAGED_CODE();
 
     DBG_ENTER("(Filter=%p)", Filter);
@@ -2443,7 +2444,7 @@ Return Value:
                     pSettings[i] = pSettings[0];
                 }
 
-                while( ((pFrame+1)<=pEnd) )
+                while( ((((LPBYTE)pFrame) + pFrame->Size)<=pEnd) )
                 {
                     PKSCAMERA_PERFRAMESETTING_FRAME_HEADER  pNextFrame =
                         (PKSCAMERA_PERFRAMESETTING_FRAME_HEADER)
diff --git a/avstream/avscamera/sys/hwsim.cpp b/avstream/avscamera/sys/hwsim.cpp
index 80a4adcfc..8d76ef184 100644
--- a/avstream/avscamera/sys/hwsim.cpp
+++ b/avstream/avscamera/sys/hwsim.cpp
@@ -122,6 +122,7 @@ CHardwareSimulation (
     , m_LastReportedExposureTime(DEF_EXPOSURE_TIME) // Assume the default exposure time for now.
     , m_LastReportedWhiteBalance(0)
     , m_FaceDetectionDelay(1)                       // Start out reporting immediately.
+	, m_LastFaceDetect()
 
 /*++
 
@@ -778,8 +779,8 @@ EmitMetadata(
 
     if (0 != (pStreamHeader->OptionsFlags & KSSTREAM_HEADER_OPTIONSF_METADATA))
     {
-        PKS_FRAME_INFO          pFrameInfo = (PKS_FRAME_INFO)(pStreamHeader + 1);
-        PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO) (pFrameInfo + 1);
+        PKS_FRAME_INFO pFrameInfo = reinterpret_cast<PKS_FRAME_INFO>(reinterpret_cast<PUCHAR>(pStreamHeader) + sizeof(KSSTREAM_HEADER));
+        PKSSTREAM_METADATA_INFO pMetadata = reinterpret_cast<PKSSTREAM_METADATA_INFO>(reinterpret_cast<PUCHAR>(pFrameInfo) + sizeof(KS_FRAME_INFO));
         //PBYTE                   pData = (PBYTE) pMetadata->SystemVa;
         //ULONG                   BytesLeft = pMetadata->BufferSize;
 
@@ -961,7 +962,7 @@ Return Value:
     m_LastFaceDetect.Flags &= Flags;
 
     PKS_FRAME_INFO          pFrameInfo = (PKS_FRAME_INFO)(pStreamHeader + 1);
-    PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO) (pFrameInfo + 1);
+    PKSSTREAM_METADATA_INFO pMetadata = reinterpret_cast<PKSSTREAM_METADATA_INFO>(reinterpret_cast<PUCHAR>(pFrameInfo) + sizeof(KS_FRAME_INFO));
     ULONG                   BytesLeft = pMetadata->BufferSize - pMetadata->UsedSize;
 
     //  Write Face Detection Info here
diff --git a/avstream/avscamera/sys/imagehwsim.cpp b/avstream/avscamera/sys/imagehwsim.cpp
index 2ba447216..6f73b71f8 100644
--- a/avstream/avscamera/sys/imagehwsim.cpp
+++ b/avstream/avscamera/sys/imagehwsim.cpp
@@ -51,6 +51,14 @@ CImageHardwareSimulation (
     , m_GlobalFrameNumber(0)
     , m_bEndOfSequence(FALSE)
     , m_PastBufferCount(0)         // Zero only when the simulation inits.
+    , m_FlashStatus(0)
+	, m_PinMode(PinNormalMode)
+    , m_bFlashed(FALSE)
+	, m_bPastBufferTrigger(FALSE)
+    , m_pClone(nullptr)
+    , m_TriggerTime(0)
+	, m_bTriggered(FALSE)
+	, m_szwFramePath(nullptr)
 
 /*++
 
@@ -678,7 +686,7 @@ Return Value:
     if (0 != (pStreamHeader->OptionsFlags & KSSTREAM_HEADER_OPTIONSF_METADATA))
     {
         PKS_FRAME_INFO          pFrameInfo = (PKS_FRAME_INFO)(pStreamHeader + 1);
-        PKSSTREAM_METADATA_INFO pMetadata = (PKSSTREAM_METADATA_INFO) (pFrameInfo + 1);
+        PKSSTREAM_METADATA_INFO pMetadata = reinterpret_cast<PKSSTREAM_METADATA_INFO>(reinterpret_cast<BYTE*>(pFrameInfo) + sizeof(KS_FRAME_INFO));
         PCAMERA_METADATA_IMAGEAGGREGATION   pAggregation =
             (PCAMERA_METADATA_IMAGEAGGREGATION) (((PBYTE) pMetadata->SystemVa) + pMetadata->UsedSize);
         ULONG                   BytesLeft = pMetadata->BufferSize - pMetadata->UsedSize;