diff --git a/library/pkwrite.c b/library/pkwrite.c
index 35dbd0b75..bb9514ec7 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -97,7 +97,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
 return( ret );
 }
- if( *p - start < (int) len )
+ if( *p < start || (size_t)( *p - start ) < len )
 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
 *p -= len;
diff --git a/library/x509_create.c b/library/x509_create.c
index f505bab80..b2cbdd494 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -265,13 +265,16 @@ int x509_write_sig( unsigned char **p, unsigned char *start,
 int ret;
 size_t len = 0;
- if( *p - start < (int) size + 1 )
+ if( *p < start || (size_t)( *p - start ) < size )
 return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
 len = size;
 (*p) -= len;
 memcpy( *p, sig, len );
+ if( *p - start < 1 )
+ return( POLARSSL_ERR_ASN1_BUF_TOO_SMALL );
+ *--(*p) = 0;
 len += 1;
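Review bot: The new bounds check in pk_write_ec_pubkey is only correct because `*p < start` is evaluated before the cast, and nothing in the code says so. A negative pointer difference converted to size_t becomes a very large value and would pass the length comparison, so a later reordering or "simplification" would silently reintroduce the bug. A one-line comment above the test would protect it, e.g. `/* check *p < start first: a negative difference cast to size_t would look like ample space */`. The same expression is added in x509_write_sig in library/x509_create.c, where the comment applies equally. The function starts and ends outside this hunk.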
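Review bot: In x509_write_sig the room for the leading 0 byte is now checked only after `(*p) -= len` and the memcpy. A buffer that fits the signature but not the extra byte therefore returns POLARSSL_ERR_ASN1_BUF_TOO_SMALL with `*p` already moved and the signature bytes already written, whereas the removed check rejected that case before touching the buffer. A single up-front test keeps that property without the `size + 1` arithmetic: `if( *p < start || (size_t)( *p - start ) <= size )`. With that in place the later `if( *p - start < 1 )` is redundant and can be dropped. Whether any caller relies on `*p` being unchanged on error is not visible here, and the function continues past the end of the hunk.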