diff --git a/library/pkwrite.c b/library/pkwrite.c
index 0a16eac72..83b798c11 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -96,7 +96,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start,
         return( ret );
     }
 
-    if( *p - start < (int) len )
+    if( *p < start || (size_t)( *p - start ) < len )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
     *p -= len;
diff --git a/library/x509_create.c b/library/x509_create.c
index 3b773c02a..df20ec8eb 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -259,13 +259,16 @@ int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
     int ret;
     size_t len = 0;
 
-    if( *p - start < (int) size + 1 )
+    if( *p < start || (size_t)( *p - start ) < size )
         return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
 
     len = size;
     (*p) -= len;
     memcpy( *p, sig, len );
 
+    if( *p - start < 1 )
+        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
     *--(*p) = 0;
     len += 1;