diff --git a/icon-validator/validate-icon.c b/icon-validator/validate-icon.c
index 6e23d9f2..6c4cae20 100644
--- a/icon-validator/validate-icon.c
+++ b/icon-validator/validate-icon.c
@@ -136,7 +136,7 @@ rerun_in_sandbox (const char *arg_width,
   ssize_t symlink_size;
 
   symlink_size = readlink ("/proc/self/exe", validate_icon, sizeof (validate_icon) - 1);
-  if (symlink_size < 0)
+  if (symlink_size < 0 || (size_t) symlink_size >= sizeof (validate_icon))
     {
       g_printerr ("Error: failed to read /proc/self/exe\n");
       return 1;
diff --git a/portal/flatpak-portal.c b/portal/flatpak-portal.c
index 868ea642..5c4f2fe9 100644
--- a/portal/flatpak-portal.c
+++ b/portal/flatpak-portal.c
@@ -907,7 +907,7 @@ main (int    argc,
     }
 
   exe_path_len = readlink ("/proc/self/exe", exe_path, sizeof (exe_path) - 1);
-  if (exe_path_len > 0)
+  if (exe_path_len > 0 && (size_t) exe_path_len < sizeof (exe_path))
     {
       exe_path[exe_path_len] = 0;
       GFileMonitor *monitor;