diff --git a/src/base/ftobjs.c b/src/base/ftobjs.c
index e3fadd321..dbaac4dee 100644
--- a/src/base/ftobjs.c
+++ b/src/base/ftobjs.c
@@ -1813,6 +1813,9 @@
     if ( !face || !face->size || !face->glyph )
       return FT_Err_Invalid_Face_Handle;
 
+    if ( glyph_index >= face->num_glyphs )
+      return FT_Err_Invalid_Argument;
+      
     driver = face->driver;
 
     /* when the flag NO_RECURSE is set, we disable hinting and scaling */
diff --git a/src/type1/t1parse.c b/src/type1/t1parse.c
index 6f4ae78d1..627751065 100644
--- a/src/type1/t1parse.c
+++ b/src/type1/t1parse.c
@@ -512,7 +512,7 @@
     {
       /* get rid of '['/']', or '{'/'}' */
       T1_Byte*  base  = parser->tokenizer->base + token->start + 1;
-      T1_Byte*  limit = base + token->len - 1;
+      T1_Byte*  limit = base + token->len - 2;
       T1_Byte*  cur;
       T1_Byte*  start;
 
@@ -564,7 +564,7 @@
     {
       /* get rid of '[' and ']' */
       T1_Byte*  base  = parser->tokenizer->base + token->start + 1;
-      T1_Byte*  limit = base + token->len - 1;
+      T1_Byte*  limit = base + token->len - 2;
       T1_Byte*  cur;
       T1_Byte*  start;
       T1_Int    n;