diff --git a/ChangeLog b/ChangeLog
index c82a78311..60e0f774c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -10,6 +10,8 @@ Bugfix
    * Prevent reading over buffer boundaries on X509 certificate parsing
    * mpi_exp_mod() now correctly handles negative base numbers (Closes ticket
      #52)
+   * Fixed possible segfault in mpi_shift_r() (found by Manuel
+     Pégourié-Gonnard)
 
 Security
    * Fixed potential memory zeroization on miscrafted RSA key (found by Eloi
diff --git a/library/bignum.c b/library/bignum.c
index 4518d4aee..acaba6a7e 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -609,6 +609,9 @@ int mpi_shift_r( mpi *X, size_t count )
     v0 = count /  biL;
     v1 = count & (biL - 1);
 
+    if( v0 > X->n || ( v0 == X->n && v1 > 0 ) )
+        return mpi_lset( X, 0 );
+
     /*
      * shift by count / limb_size
      */
diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data
index a5a5cf93f..ae618f195 100644
--- a/tests/suites/test_suite_mpi.data
+++ b/tests/suites/test_suite_mpi.data
@@ -300,6 +300,18 @@ mpi_shift_r:10:"128":1:10:"64"
 Test mpi_shift_r #2
 mpi_shift_r:10:"120815570979701484704906977000760567182871429114712069861589084706550626575967516787438008593490722779337547394120718248995900363209947025063336882559539208430319216688889117222633155838468458047056355241515415159736436403445579777425189969":45:10:"3433785053053426415343295076376096153094051405637175942660777670498379921354157795219578264137985649407981651226029903483433269093721578004287291678324982297860947730012217028349628999378309630601971640587504883789518896817457"
 
+Test mpi_shift_r #4
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":63:16:"01"
+
+Test mpi_shift_r #4
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":64:16:"00"
+
+Test mpi_shift_r #6
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":65:16:"00"
+
+Test mpi_shift_r #7
+mpi_shift_r:16:"FFFFFFFFFFFFFFFF":128:16:"00"
+
 Base test mpi_mul_mpi #1
 mpi_mul_mpi:10:"5":10:"7":10:"35"
 
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 1b328c43d..596b7df6d 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -162,7 +162,7 @@ mpi_set_bit:radix_X:input_X:pos:val:radix_Y:output_Y
     TEST_ASSERT( mpi_set_bit( &X, {pos}, {val} ) == 0 );
     TEST_ASSERT( mpi_cmp_mpi( &X, &Y ) == 0 );
 
-    mpi_free( &X );
+    mpi_free( &X ); mpi_free( &Y );
 }
 END_CASE