diff --git a/ChangeLog b/ChangeLog
index 4f7d0f4ff..34106ead8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,6 +8,11 @@
 resource limits. Idea from a similar NetBSD change, original problem reported by jasper@. ok millert tedu jasper
+ - djm@cvs.openbsd.org 2011/01/12 01:53:14
+ avoid some integer overflows mostly with GLOB_APPEND and GLOB_DOOFFS
+ and sanity check arguments (these will be unnecessary when we switch
+ struct glob members from being type into to size_t in the future);
+ "looks ok" tedu@ feedback guenther@
 20110111
 - (tim) [regress/host-expand.sh] Fix for building outside of read only
diff --git a/openbsd-compat/glob.c b/openbsd-compat/glob.c
index 692e81045..0341225cd 100644
--- a/openbsd-compat/glob.c
+++ b/openbsd-compat/glob.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: glob.c,v 1.34 2010/10/08 21:48:42 nicm Exp $ */
+/* $OpenBSD: glob.c,v 1.35 2011/01/12 01:53:14 djm Exp $ */
 /*
 * Copyright (c) 1989, 1993
 * The Regents of the University of California. All rights reserved.
@@ -184,6 +184,11 @@ glob(const char *pattern, int flags, int (*errfunc)(const char *, int),
 pglob->gl_errfunc = errfunc;
 pglob->gl_matchc = 0;
+ if (pglob->gl_offs < 0 || pglob->gl_pathc < 0 ||
+ pglob->gl_offs >= INT_MAX || pglob->gl_pathc >= INT_MAX ||
+ pglob->gl_pathc >= INT_MAX - pglob->gl_offs - 1)
+ return GLOB_NOSPACE;
+
 bufnext = patbuf;
 bufend = bufnext + MAXPATHLEN - 1;
 if (flags & GLOB_NOESCAPE)
@@ -752,10 +757,13 @@ globextend(const Char *path, glob_t *pglob, struct glob_lim *limitp,
 struct stat **statv;
 newn = 2 + pglob->gl_pathc + pglob->gl_offs;
- if (SIZE_MAX / sizeof(*pathv) <= newn ||
+ if (pglob->gl_offs >= INT_MAX ||
+ pglob->gl_pathc >= INT_MAX ||
+ newn >= INT_MAX ||
+ SIZE_MAX / sizeof(*pathv) <= newn ||
 SIZE_MAX / sizeof(*statv) <= newn) {
 nospace:
- for (i = pglob->gl_offs; i < newn - 2; i++) {
+ for (i = pglob->gl_offs; i < (ssize_t)(newn - 2); i++) {
 if (pglob->gl_pathv && pglob->gl_pathv[i])
 free(pglob->gl_pathv[i]);
 if ((pglob->gl_flags & GLOB_KEEPSTAT) != 0 &&
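Review bot: In the glob() hunk (-184/+184) the new guard returns GLOB_NOSPACE when the caller-supplied gl_offs or gl_pathc is negative or too large, so an invalid argument is reported as memory exhaustion, and nothing in the code says why or that the order of the tests matters. A comment above the check would cover both, e.g. `/* reject counters whose sum would overflow int; gl_offs is range-checked first so INT_MAX - gl_offs - 1 cannot itself overflow */`. The visible lines do not show whether gl_offs and gl_pathc have been reset when GLOB_DOOFFS or GLOB_APPEND is absent; if they have not, the guard reads fields the caller never initialised, so confirm the reset precedes it. glob()'s body starts and ends outside the hunk.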
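Review bot: In the globextend() hunk (-752/+757) the sum `newn = 2 + pglob->gl_pathc + pglob->gl_offs;` is still evaluated before any of the added INT_MAX tests, so if the members are int, as the ChangeLog entry says, the addition is done in signed arithmetic on unchecked values and is only safe because glob() now bounds the counters on entry. Widening the operands makes the function safe on its own and leaves the `newn >= INT_MAX` test to reject the bad cases: `newn = 2 + (size_t)pglob->gl_pathc + (size_t)pglob->gl_offs;`. The declarations of newn and i are outside the hunk, so their types are inferred from the `(ssize_t)` cast and the SIZE_MAX comparisons.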
@@ -870,7 +878,7 @@ match(Char *name, Char *pat, Char *patend)
 ++pat;
 while (((c = *pat++) & M_MASK) != M_END) {
 if ((c & M_MASK) == M_CLASS) {
- int idx = *pat & M_MASK;
+ Char idx = *pat & M_MASK;
 if (idx < NCCLASSES &&
 cclasses[idx].isctype(k))
 ok = 1;
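Review bot: In the match() hunk, the reason `idx` changed from `int` to `Char` is not recorded next to the declaration, and it is the only thing that protects the `cclasses[idx]` lookup besides the `idx < NCCLASSES` test. Assuming Char is an unsigned type (its typedef is not in the hunk), a one-line comment such as `/* Char, not int: the index into cclasses[] can never be negative */` would stop a later cleanup from reverting it. A class token whose index is not below NCCLASSES is silently skipped here; if that is intended, say so in the same comment. The loop body continues outside the hunk.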