diff --git a/sndiod/sock.c b/sndiod/sock.c
index feac458..4a83334 100644
--- a/sndiod/sock.c
+++ b/sndiod/sock.c
@@ -541,6 +541,10 @@ sock_wdata(struct sock *f)
 		return 1;
 	}
 	while (f->wtodo > 0) {
+		/*
+		 * f->slot and f->midi are set by sock_hello(), so
+		 * count is always properly initialized
+		 */
 		if (f->slot)
 			data = abuf_rgetblk(&f->slot->sub.buf, &count);
 		else if (f->midi)
@@ -1509,6 +1513,11 @@ sock_write(struct sock *f)
 	case SOCK_WMSG:
 		if (!sock_wmsg(f))
 			return 0;
+		/*
+		 * f->wmsg is either build by sock_buildmsg() or
+		 * copied from f->rmsg (in the SOCK_RRET state), so
+		 * it's safe.
+		 */
 		if (ntohl(f->wmsg.cmd) != AMSG_DATA) {
 			f->wstate = SOCK_WIDLE;
 			f->wtodo = 0xdeadbeef;