diff --git a/float-pigment-consistent-bincode/src/de/mod.rs b/float-pigment-consistent-bincode/src/de/mod.rs
index 1f36462..69b73b0 100644
--- a/float-pigment-consistent-bincode/src/de/mod.rs
+++ b/float-pigment-consistent-bincode/src/de/mod.rs
@@ -83,7 +83,12 @@ impl<'de, R: BincodeRead<'de>, O: Options> Deserializer<R, O> {
         let seg_size = O::IntEncoding::deserialize_u32(self)? as usize;
         let ssl = SegmentSizeLimit {
             diff: match self.segment_size_limits.last() {
-                Some(_) => Some(self.reader.barrier() - seg_size),
+                Some(_) => Some(
+                    self.reader
+                        .barrier()
+                        .checked_sub(seg_size)
+                        .ok_or(ErrorKind::InvalidData)?,
+                ),
                 None => None,
             },
         };
diff --git a/float-pigment-consistent-bincode/src/error.rs b/float-pigment-consistent-bincode/src/error.rs
index 29f0cba..edc2cb1 100644
--- a/float-pigment-consistent-bincode/src/error.rs
+++ b/float-pigment-consistent-bincode/src/error.rs
@@ -37,6 +37,8 @@ pub enum ErrorKind {
     Custom(String),
     /// No enough segment data to read.
     SegmentEnded,
+    /// Invalid data
+    InvalidData,
 }
 
 impl serde::de::StdError for ErrorKind {
@@ -52,6 +54,7 @@ impl serde::de::StdError for ErrorKind {
             ErrorKind::SizeLimit => None,
             ErrorKind::Custom(_) => None,
             ErrorKind::SegmentEnded => None,
+            ErrorKind::InvalidData => None,
         }
     }
 }
@@ -85,6 +88,7 @@ impl fmt::Display for ErrorKind {
             ),
             ErrorKind::Custom(ref s) => s.fmt(fmt),
             ErrorKind::SegmentEnded => write!(fmt, "the segment does not contain enough data"),
+            ErrorKind::InvalidData => write!(fmt, "the data is invalid"),
         }
     }
 }