diff --git a/include/msgpack/v1/vrefbuffer.hpp b/include/msgpack/v1/vrefbuffer.hpp
index 6d52a15e..c0240dbe 100644
--- a/include/msgpack/v1/vrefbuffer.hpp
+++ b/include/msgpack/v1/vrefbuffer.hpp
@@ -71,6 +71,12 @@ public:
         m_end = array + nfirst;
         m_array = array;
+
+        if((sizeof(chunk) + chunk_size) < chunk_size){
+            throw std::bad_alloc();
+        }
+
+
         chunk* c = static_cast(::malloc(sizeof(chunk) + chunk_size));
         if(!c) {
             ::free(array);
@@ -141,7 +147,11 @@ public:
         if(sz < len) {
             sz = len;
         }
-
+
+        if(sizeof(chunk) + sz < sz){
+            throw std::bad_alloc();
+        }
+
         chunk* c = static_cast(::malloc(sizeof(chunk) + sz));
         if(!c) {
             throw std::bad_alloc();
@@ -183,6 +193,10 @@ public:
     {
         size_t sz = m_chunk_size;
+        if((sizeof(chunk) + sz) < sz){
+            throw std::bad_alloc();
+        }
+
         chunk* empty = static_cast(::malloc(sizeof(chunk) + sz));
         if(!empty) {
             throw std::bad_alloc();
diff --git a/test/msgpack_c.cpp b/test/msgpack_c.cpp
index c979177a..f77f31ee 100644
--- a/test/msgpack_c.cpp
+++ b/test/msgpack_c.cpp
@@ -1352,3 +1352,16 @@ TEST(MSGPACKC, unpack_array_uint64)
     EXPECT_EQ(0xFFF0000000000001LL, obj.via.array.ptr[0].via.u64);
     msgpack_zone_destroy(&z);
 }
+
+
+TEST(MSGPACKC, vreff_buffer_overflow)
+{
+    msgpack_vrefbuffer vbuf;
+    msgpack_vrefbuffer to;
+    size_t ref_size = 0;
+    size_t len = 0x1000;
+    size_t chunk_size = std::numeric_limits::max();
+    char *buf = (char *)malloc(len);
+    EXPECT_FALSE(msgpack_vrefbuffer_init(&vbuf, ref_size, chunk_size));
+    EXPECT_EQ(-1, msgpack_vrefbuffer_migrate(&vbuf, &to));
+}
diff --git a/test/msgpack_vref.cpp b/test/msgpack_vref.cpp
index 85f5e663..8a85e45b 100644
--- a/test/msgpack_vref.cpp
+++ b/test/msgpack_vref.cpp
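Review bot: The new guard in the constructor hunk throws after `array` has already been obtained from `::malloc` and stored in `m_array`, so on the overflow path `array` leaks — a constructor that throws never runs the destructor, and the existing `if(!c)` branch that frees it is never reached. Either release it on that path, `if((sizeof(chunk) + chunk_size) < chunk_size){ ::free(array); throw std::bad_alloc(); }`, or, better, hoist the check to the top of the constructor before anything is allocated, since `chunk_size` is a parameter known from the start. The two consecutive blank `+` lines before `chunk* c` could also be collapsed to one. The constructor body begins above this hunk, so the hoisted position is not visible here.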
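Review bot: `if(sizeof(chunk) + sz < sz)` in this hunk is the same unsigned-wrap check that the constructor and `migrate` hunks spell as `(sizeof(chunk) + sz) < sz`, giving three hand-copied copies with two spellings in one header. Factoring it into one private static helper that returns the allocation size (or throws) keeps the three `::malloc` calls identical and gives the guard a single place to be commented and unit-tested. The `-`/`+` pair around the blank line is whitespace churn worth dropping. The enclosing function (presumably `append_copy`, given the `len` parameter) begins above this hunk; only the size selection and allocation are visible.
```cpp
        // … unchanged: sz = max(m_chunk_size, len) …
        chunk* c = static_cast<chunk*>(::malloc(chunk_alloc_size(sz)));
        // … unchanged: null check, chunk linking …

    // Bytes to request for a chunk that carries `payload` bytes of data.
    // Throws instead of letting sizeof(chunk) + payload wrap around size_t,
    // which would hand back a block far smaller than the chunk is used as.
    static size_t chunk_alloc_size(size_t payload)
    {
        if(sizeof(chunk) + payload < payload) {
            throw std::bad_alloc();
        }
        return sizeof(chunk) + payload;
    }
```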
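Review bot: The guard added ahead of `chunk* empty = …` in `migrate` carries no explanation of what it tests, and `(sizeof(chunk) + sz) < sz` reads as a tautology to anyone not thinking about unsigned wrap-around, which makes it a candidate for being "simplified" away later. A one-line why-comment would protect it: `// sizeof(chunk) + sz wrapped around size_t: malloc would return a block far smaller than the sz bytes the chunk is assumed to hold`. `migrate` begins just above this hunk and continues below it.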
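Review bot: In `vreff_buffer_overflow`, `buf` is allocated with `malloc(len)` but never used or freed, and `to` is handed to `msgpack_vrefbuffer_migrate` without ever being initialised, so the test leaks and, if `migrate` touches its destination before failing, reads an indeterminate struct. Drop `size_t len = 0x1000;` and `char *buf = (char *)malloc(len);`, and give the destination a valid state with `ASSERT_TRUE(msgpack_vrefbuffer_init(&to, 0, 0x1000));` paired with `msgpack_vrefbuffer_destroy(&to);` at the end. Note also that this diff changes only the C++ header, so the `EXPECT_FALSE` and `EXPECT_EQ(-1, …)` outcomes depend on equivalent checks in the C implementation that are not part of what is shown here — presumably in the C `vrefbuffer` source, worth confirming. The doubled `f` in the test name (`vreff`) looks like a typo.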
@@ -264,3 +264,12 @@ TEST(MSGPACK, vrefbuffer_small_int64)
     msgpack::vrefbuffer vbuf(0, 0);
     GEN_TEST_VREF(int64_t, vbuf);
 }
+
+TEST(MSGPACK, vref_buffer_overflow)
+{
+    size_t chunk_size = std::numeric_limits::max();
+    char *buf = (char *)malloc(chunk_size);
+    ASSERT_THROW(msgpack::vrefbuffer vbuf(0, chunk_size), std::bad_alloc);
+    msgpack::vrefbuffer vbuf(0,0x1000);
+    ASSERT_THROW(vbuf.append_copy(buf, chunk_size), std::bad_alloc);
+}
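Review bot: `malloc(chunk_size)` with `chunk_size` equal to the maximum `size_t` is never freed and will return a null pointer on any real allocator; under AddressSanitizer it is reported as allocation-size-too-big and aborts the test before the `ASSERT_THROW` lines run. The buffer is not needed: the wrap guard under test fires before any byte of `buf` is read, as far as the header hunk shows (the head of `append_copy` is outside this diff), so a stack byte suffices — `char dummy = 0;` and `ASSERT_THROW(vbuf.append_copy(&dummy, chunk_size), std::bad_alloc);`. If a heap buffer is kept, pair it with `free(buf)` or hold it in a `std::vector<char>` so the test does not leak.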