diff -rupr a/lib/decoding.c b/lib/decoding.c
--- a/lib/decoding.c	2015-09-14 10:41:16.000000000 -0700
+++ b/lib/decoding.c	2016-11-30 14:23:11.096199084 -0800
@@ -767,10 +767,17 @@ _asn1_extract_der_octet (asn1_node node,
   DECR_LEN(der_len, len3);
 
   if (len2 == -1)
-    counter_end = der_len - 2;
+    {
+      if (der_len < 2)
+        return ASN1_DER_ERROR;
+      counter_end = der_len - 2;
+    }
   else
     counter_end = der_len;
 
+  if (counter_end < counter)
+    return ASN1_DER_ERROR;
+
   while (counter < counter_end)
     {
       DECR_LEN(der_len, 1);