diff --git a/src/passwd/getgr_a.c b/src/passwd/getgr_a.c
index afeb1ece..6a2da02c 100644
--- a/src/passwd/getgr_a.c
+++ b/src/passwd/getgr_a.c
@@ -71,6 +71,10 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
 			goto cleanup_f;
 		}
 
+		if (groupbuf[GRMEMCNT] > INT32_MAX-1) {
+			rv = ENOMEM;
+			goto cleanup_f;
+		}
 		if (groupbuf[GRNAMELEN] > SIZE_MAX - groupbuf[GRPASSWDLEN]) {
 			rv = ENOMEM;
 			goto cleanup_f;
@@ -126,11 +130,11 @@ int __getgr_a(const char *name, gid_t gid, struct group *gr, char **buf, size_t
 
 		if (groupbuf[GRMEMCNT]) {
 			mem[0][0] = *buf + groupbuf[GRNAMELEN] + groupbuf[GRPASSWDLEN];
-			for (ptr = mem[0][0], i = 0; ptr != mem[0][0]+grlist_len; ptr++)
+			for (ptr = mem[0][0], i = 0; i+1<groupbuf[GRMEMCNT] && ptr != mem[0][0]+grlist_len; ptr++)
 				if (!*ptr) mem[0][++i] = ptr+1;
 			mem[0][i] = 0;
 
-			if (i != groupbuf[GRMEMCNT]) {
+			if (i != groupbuf[GRMEMCNT] || ptr != mem[0][0]+grlist_len) {
 				rv = EIO;
 				goto cleanup_f;
 			}