diff --git a/ChangeLog b/ChangeLog
index 80324a9f3..0e8ff86ba 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -70,6 +70,7 @@
 * almost completely changed the storage interface (for custom storage)
 * added support for hashing pieces in multiple threads
+ * fix bound-checking issue in bdecoder
 * expose missing dht_settings fields to python
 * add function to query the DHT settings
 * fix bug in 'dont_count_slow_torrents' feature, which would start too many
diff --git a/src/lazy_bdecode.cpp b/src/lazy_bdecode.cpp
index 785c6d6aa..de47ed9f9 100644
--- a/src/lazy_bdecode.cpp
+++ b/src/lazy_bdecode.cpp
@@ -130,7 +130,9 @@ namespace libtorrent
 if (e)
 TORRENT_FAIL_BDECODE(e);
- if (start + len + 1 > end)
+ // remaining buffer size excluding ':'
+ const ptrdiff_t buff_size = end - start - 1;
+ if (len > buff_size)
 TORRENT_FAIL_BDECODE(bdecode_errors::unexpected_eof);
 if (len < 0)
@@ -196,15 +198,19 @@ namespace libtorrent
 start = parse_int(start, end, ':', len, e);
 if (e)
 TORRENT_FAIL_BDECODE(e);
- if (start + len + 1 > end)
+
+ // remaining buffer size excluding ':'
+ const ptrdiff_t buff_size = end - start - 1;
+ if (len > buff_size)
 TORRENT_FAIL_BDECODE(bdecode_errors::unexpected_eof);
 if (len < 0)
 TORRENT_FAIL_BDECODE(bdecode_errors::overflow);
 ++start;
+
 if (start == end) TORRENT_FAIL_BDECODE(bdecode_errors::unexpected_eof);
 top->construct_string(start, int(len));
- stack.pop_back();
 start += len;
+ stack.pop_back();
 break;
 }
 }
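Review bot: The `buff_size` / `len > buff_size` check added in this hunk is repeated verbatim in the string-value hunk further down, so the two bound checks can drift apart on the next edit; a small static helper shared by both sites (taking `len` in its existing wide type rather than ptrdiff_t, so nothing is truncated on a 32-bit build) would keep them in step. It would also help to say in the comment why the ordering of the two tests is safe, e.g. `// buff_size is -1 when nothing follows the length; any len >= 0 then fails here, and a negative len is rejected just below`. The case body this belongs to starts before the hunk, so the declared type of `len` and what parse_int leaves in `start` are not visible here.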
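Review bot: The narrowing `int(len)` on the unchanged `top->construct_string(start, int(len))` line is now the weakest link in this hunk: the new check only bounds `len` by `buff_size`, which on an LP64 build is a 64-bit ptrdiff_t, so for a buffer longer than INT_MAX bytes a length above INT_MAX passes `len > buff_size` and wraps in the cast (assuming `len` is wider than int, as the cast and the `len < 0` test suggest). Tightening the test to `if (len > buff_size || len > (std::numeric_limits<int>::max)())` (with `<limits>` included) closes that at no cost on the common path. Separately, the new bound admits `len == 0` when ':' is the last byte of the buffer, but the pre-existing `if (start == end)` line right after `++start` then rejects that same input as unexpected_eof; if a trailing empty string is meant to be invalid, a one-line comment saying so would spare the next reader from reconciling the two checks. The case body this belongs to starts before the hunk.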