Index: dmtxencode.c
===================================================================
--- dmtxencode.c	(revision 647)
+++ dmtxencode.c	(working copy)
@@ -394,6 +394,9 @@
 {
    int dataWordCount;
 
+   if (inputSize > 1558)
+      return 0;
+
    /*
     * This function needs to take both dataWordCount and sizeIdx into account
     * because symbol size is tied to an encodation. That is, a data stream
Index: util/dmtxread/dmtxread.c
===================================================================
--- util/dmtxread/dmtxread.c	(revision 647)
+++ util/dmtxread/dmtxread.c	(working copy)
@@ -24,6 +24,7 @@
 
 /* $Id$ */
 
+#include <stdint.h>
 #include "dmtxread.h"
 
 char *programName;
@@ -43,7 +44,7 @@
    int fileIndex, imgPageIndex;
    int fileCount;
    int imageScanCount, pageScanCount;
-   int width, height;
+   unsigned long width, height;
    unsigned char *pxl;
    UserOptions opt;
    DmtxTime timeout;
@@ -109,8 +110,14 @@
          if(opt.timeoutMS != -1)
             timeout = dmtxTimeAdd(dmtxTimeNow(), opt.timeoutMS);
 
+         /* Check for integer overflow */
+         if (width > (SIZE_MAX / 3 / height / sizeof(unsigned char))) {
+            CleanupMagick(&wand, DmtxFalse);
+            FatalError(EX_OSERR, "cannot allocate memory for %lu*%lu image: more than SIZE_MAX bytes would be needed",
+                       width, height);
+         }
          /* Allocate memory for pixel data */
-         pxl = (unsigned char *)malloc(3 * width * height * sizeof(unsigned char));
+         pxl = malloc(3 * width * height * sizeof(unsigned char));
          if(pxl == NULL) {
             CleanupMagick(&wand, DmtxFalse);
             FatalError(EX_OSERR, "malloc() error");