diff --git a/src/lib_ccx/ccx_decoders_608.c b/src/lib_ccx/ccx_decoders_608.c
index 37a057e83..c2b0a0aea 100644
--- a/src/lib_ccx/ccx_decoders_608.c
+++ b/src/lib_ccx/ccx_decoders_608.c
@@ -316,10 +316,20 @@ int write_cc_buffer(ccx_decoder_608_context *context, struct cc_subtitle *sub)
 
 	if (!data->empty && context->output_format != CCX_OF_NULL)
 	{
-		struct eia608_screen *new_data = (struct eia608_screen *)realloc(sub->data, (sub->nb_data + 1) * sizeof(*data));
+		size_t new_size;
+
+		if (sub->nb_data + 1 > SIZE_MAX / sizeof(struct eia608_screen))
+		{
+			ccx_common_logging.log_ftn("Too many screens, cannot allocate more memory.\n");
+			return 0;
+		}
+
+		new_size = (sub->nb_data + 1) * sizeof(struct eia608_screen);
+
+		struct eia608_screen *new_data = (struct eia608_screen *)realloc(sub->data, new_size);
 		if (!new_data)
 		{
-			ccx_common_logging.log_ftn("No Memory left");
+			ccx_common_logging.log_ftn("Out of memory while reallocating screen buffer\n");
 			return 0;
 		}
 		sub->data = new_data;
@@ -386,10 +396,20 @@ int write_cc_line(ccx_decoder_608_context *context, struct cc_subtitle *sub)
 
 	if (!data->empty)
 	{
-		struct eia608_screen *new_data = (struct eia608_screen *)realloc(sub->data, (sub->nb_data + 1) * sizeof(*data));
+		size_t new_size;
+
+		if (sub->nb_data + 1 > SIZE_MAX / sizeof(struct eia608_screen))
+		{
+			ccx_common_logging.log_ftn("Too many screens, cannot allocate more memory.\n");
+			return 0;
+		}
+
+		new_size = (sub->nb_data + 1) * sizeof(struct eia608_screen);
+
+		struct eia608_screen *new_data = (struct eia608_screen *)realloc(sub->data, new_size);
 		if (!new_data)
 		{
-			ccx_common_logging.log_ftn("No Memory left");
+			ccx_common_logging.log_ftn("Out of memory while reallocating screen buffer\n");
 			return 0;
 		}
 		sub->data = new_data;
diff --git a/src/lib_ccx/ccx_decoders_isdb.c b/src/lib_ccx/ccx_decoders_isdb.c
index 5a1f5f588..5a54340df 100644
--- a/src/lib_ccx/ccx_decoders_isdb.c
+++ b/src/lib_ccx/ccx_decoders_isdb.c
@@ -724,16 +724,17 @@ static int parse_csi(ISDBSubContext *ctx, const uint8_t *buf, int len)
 	// Copy buf in arg
 	for (i = 0; *buf != 0x20; i++)
 	{
-		if (i >= (sizeof(arg)) + 1)
+		if (i >= sizeof(arg) - 1)
 		{
-			isdb_log("UnExpected CSI %d >= %d", sizeof(arg) + 1, i);
+			isdb_log("UnExpected CSI: too long");
 			break;
 		}
 		arg[i] = *buf;
 		buf++;
 	}
 	/* ignore terminating 0x20 character */
-	arg[i] = *buf++;
+	if (i < sizeof(arg))
+		arg[i] = *buf++;
 
 	switch (*buf)
 	{