diff --git a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
index 04a87fd1cac8ac663f69976e39a214547924e28a..7f0c3aac9a0017e017b615a129379b40845cc261 100644
--- a/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
+++ b/src/share/native/sun/awt/image/jpeg/imageioJPEG.c
@@ -1971,6 +1971,13 @@ Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage
         return data->abortFlag;
     }
 
+    if (cinfo->output_components <= 0 ||
+        cinfo->image_width > (0xffffffffu / (unsigned int)cinfo->output_components))
+    {
+        JNU_ThrowByName(env, "javax/imageio/IIOException",
+                        "Invalid number of output components");
+        return data->abortFlag;
+    }
 
     // Allocate a 1-scanline buffer
     scanLinePtr = (JSAMPROW)malloc(cinfo->image_width*cinfo->output_components);
diff --git a/src/share/native/sun/font/layout/SunLayoutEngine.cpp b/src/share/native/sun/font/layout/SunLayoutEngine.cpp
index 553334a18951e1827022a52140723c70be7abd09..c7db94829f46a8c0826d2fc0d15d776278e9c4b3 100644
--- a/src/share/native/sun/font/layout/SunLayoutEngine.cpp
+++ b/src/share/native/sun/font/layout/SunLayoutEngine.cpp
@@ -186,7 +186,11 @@ JNIEXPORT void JNICALL Java_sun_font_SunLayoutEngine_nativeLayout
   jchar buffer[256];
   jchar* chars = buffer;
   if (len > 256) {
-    chars = (jchar*)malloc(len * sizeof(jchar));
+    size_t size = len * sizeof(jchar);
+    if (size / sizeof(jchar) != len) {
+      return;
+    }
+    chars = (jchar*)malloc(size);
     if (chars == 0) {
       return;
     }