diff --git a/src/hb-aat-layout-common.hh b/src/hb-aat-layout-common.hh
index 741e5020d3b09b8160b7233b36e9141d4629a426..69768e5eb96bccc994e0ad325493020e8adc9143 100644
--- a/src/hb-aat-layout-common.hh
+++ b/src/hb-aat-layout-common.hh
@@ -422,6 +422,8 @@ struct StateTable
 				     num_states,
 				     num_classes * states[0].static_size)))
 	return_trace (false);
+      if ((c->max_ops -= num_states - state) < 0)
+	return_trace (false);
       { /* Sweep new states. */
 	const HBUINT16 *stop = &states[num_states * num_classes];
 	for (const HBUINT16 *p = &states[state * num_classes]; p < stop; p++)
@@ -431,6 +433,8 @@ struct StateTable
 
       if (unlikely (!c->check_array (entries, num_entries)))
 	return_trace (false);
+      if ((c->max_ops -= num_entries - entry) < 0)
+	return_trace (false);
       { /* Sweep new entries. */
 	const Entry<Extra> *stop = &entries[num_entries];
 	for (const Entry<Extra> *p = &entries[entry]; p < stop; p++)
diff --git a/src/hb-machinery.hh b/src/hb-machinery.hh
index a6ff6e7b9c66909bc37e719e2a90afc8fc384760..3bdbb2eb47b6dafc81a00a76e750c8eed82a8221 100644
--- a/src/hb-machinery.hh
+++ b/src/hb-machinery.hh
@@ -443,10 +443,10 @@ struct hb_sanitize_context_t :
 
   mutable unsigned int debug_depth;
   const char *start, *end;
+  mutable int max_ops;
   private:
   bool writable;
   unsigned int edit_count;
-  mutable int max_ops;
   hb_blob_t *blob;
   unsigned int num_glyphs;
   bool  num_glyphs_set;