diff --git a/src/sfnt.c b/src/sfnt.c
index f778179a5ff..ab6a2d5e7bc 100644
--- a/src/sfnt.c
+++ b/src/sfnt.c
@@ -736,6 +736,7 @@ sfnt_read_cmap_format_12 (int fd,
     return NULL;
 
   /* Allocate a buffer of sufficient size.  */
+  eassert (length < UINT32_MAX - sizeof *format12);
   format12 = xmalloc (length + sizeof *format12);
   format12->format = header->format;
   format12->reserved = header->length;