diff --git a/ChangeLog b/ChangeLog
index 08f1659db..d040ac74b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2014-11-26  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
+
+	* src/base/ftobj.c (Mac_Read_POST_Resource): Additional
+	overflow check in the summation of POST fragment lengths,
+	suggested by Mateusz Jurczyk <mjurczyk@google.com>.
+
 2014-11-26  suzuki toshiya  <mpsuzuki@hiroshima-u.ac.jp>
 
 	* src/base/ftobjs.c (Mac_Read_POST_Resource): Insert comments
diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index 4321126e4..b28216a8b 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1586,8 +1586,10 @@
        */
       FT_TRACE4(( "                 POST fragment #%d: length=0x%08x\n",
                   i, temp));
-      if ( 0x7FFFFFFFUL < temp )
+      if ( 0x7FFFFFFFUL < temp || pfb_len + temp + 6 < pfb_len )
       {
+        FT_TRACE2(( "             too long fragment length makes"
+                    " pfb_len confused: temp=0x%08x\n", temp ));
         error = FT_THROW( Invalid_Offset );
         goto Exit;
       }
@@ -1600,8 +1602,7 @@
                  resource_cnt, pfb_len + 2));
     if ( pfb_len + 2 < 6 ) {
       FT_TRACE2(( "             too long fragment length makes"
-                  " pfb_len confused: 0x%08x\n",
-                  pfb_len ));
+                  " pfb_len confused: pfb_len=0x%08x\n", pfb_len ));
       error = FT_THROW( Array_Too_Large );
       goto Exit;
     }