diff --git a/configure.ac b/configure.ac
index 748b8ce..6924e10 100644
--- a/configure.ac
+++ b/configure.ac
@@ -41,6 +41,8 @@ case $host_os in
 ;;
 esac
+AC_CHECK_HEADERS([stdint.h])
+
 # Checks for pkg-config packages
 PKG_CHECK_MODULES(XFS, libfs xfont xtrans)
 XFS_CFLAGS="$XFS_CFLAGS $OS_CFLAGS"
diff --git a/difs/dispatch.c b/difs/dispatch.c
index f1a0a85..9a6b87c 100644
--- a/difs/dispatch.c
+++ b/difs/dispatch.c
@@ -933,6 +933,13 @@ ProcQueryXExtents(ClientPtr client)
 }
 item_size = (stuff->reqType == FS_QueryXExtents8) ? 1 : 2;
+ if (stuff->num_ranges >
+ ((stuff->length << 2) - SIZEOF(fsQueryXExtents8Req))/item_size) {
+ int num_ranges = stuff->num_ranges;
+ SendErrToClient(client, FSBadLength, (pointer)&num_ranges);
+ return FSBadLength;
+ }
+ /* get the extents */
 err = QueryExtents(client, cfp, item_size, stuff->num_ranges, stuff->range,
@@ -969,6 +976,12 @@ ProcQueryXBitmaps(ClientPtr client)
 assert((stuff->reqType == FS_QueryXBitmaps8) || (stuff->reqType == FS_QueryXBitmaps16));
 item_size = (stuff->reqType == FS_QueryXBitmaps8) ? 1 : 2;
+ if (stuff->num_ranges >
+ ((stuff->length << 2) - SIZEOF(fsQueryXBitmaps8Req))/item_size) {
+ int num_ranges = stuff->num_ranges;
+ SendErrToClient(client, FSBadLength, (pointer)&num_ranges);
+ return FSBadLength;
+ }
 /* get the glyphs */
 err = QueryBitmaps(client, cfp, item_size, stuff->format, stuff->num_ranges, stuff->range,
diff --git a/difs/fontinfo.c b/difs/fontinfo.c
index 23893e0..e7e627d 100644
--- a/difs/fontinfo.c
+++ b/difs/fontinfo.c
@@ -62,6 +62,21 @@ in this Software without prior written authorization from The Open Group.
 #include
 #include
+#ifdef HAVE_CONFIG_H
+#include
+#endif
+#ifdef HAVE_STDINT_H
+#include
+#endif
+#include
+#ifndef SIZE_MAX
+# ifdef ULONG_MAX
+# define SIZE_MAX ULONG_MAX
+# else
+# define SIZE_MAX UINT_MAX
+# endif
+#endif
+
 void CopyCharInfo( CharInfoPtr ci,
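Review bot: The new length check in ProcQueryXExtents subtracts SIZEOF(fsQueryXExtents8Req) from `stuff->length << 2` without itself establishing that the request is at least that long; ProcQueryXExtents begins before this hunk, so I cannot see whether an earlier minimum-length check is in force, and if it is not the subtraction goes negative and, assuming num_ranges is an unsigned protocol field (the struct is not shown), the comparison is performed unsigned and the check passes for any num_ranges. A self-contained form is `if ((stuff->length << 2) < SIZEOF(fsQueryXExtents8Req) || stuff->num_ranges > ((stuff->length << 2) - SIZEOF(fsQueryXExtents8Req)) / item_size) {`. The same applies to the ProcQueryXBitmaps hunk at -969. A one-line comment above each check, such as `/* the range list must fit inside the request as received */`, would also make clear that this bounds the wire data rather than the font.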
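Review bot: The SIZE_MAX fallback in the fontinfo.c include block equates it with ULONG_MAX, which is only the true limit of size_t where size_t is unsigned long; on a target without stdint.h where the two differ, the build_range guards compute the wrong bound, and in the case where ULONG_MAX is the wider of the two the overflow they are meant to stop is let through. As far as this diff shows the macro is only used in run-time expressions, so `# define SIZE_MAX ((size_t)-1)` is exact on every target and needs no ULONG_MAX/UINT_MAX case split. The header names are stripped in this rendering, so I cannot confirm that the bare `#include` preceding `#ifndef SIZE_MAX` is the one that provides ULONG_MAX and UINT_MAX; whichever fallback is kept, a comment such as `/* SIZE_MAX is C99; fall back where <stdint.h> is missing */` would document why the block exists.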
@@ -181,6 +196,8 @@ build_range(
 return new;
 }
+ if (src_num >= SIZE_MAX / sizeof(fsRange) * 2 - 1)
+ return NULL;
 np = new = (fsRange *) fsalloc(sizeof(fsRange) * (src_num + 1) / 2);
 if (!np) return np;
@@ -210,6 +227,8 @@ build_range(
 unsigned char *pp = src;
 src_num = *num;
+ if (src_num >= SIZE_MAX / sizeof(fsRange))
+ return NULL;
 np = new = (fsRange *) fsalloc(SIZEOF(fsRange) * src_num);
 if (!np) return np;
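Review bot: The guard added before the range-mode fsalloc does not match the expression it protects: `sizeof(fsRange) * (src_num + 1) / 2` multiplies first and halves afterwards, so the full product must stay below SIZE_MAX, yet the guard only rejects `src_num >= SIZE_MAX / sizeof(fsRange) * 2 - 1`, which leaves a factor of two in which the product can still wrap on a 32-bit size_t. Either tighten it to the form used in the second hunk, `if (src_num >= SIZE_MAX / sizeof(fsRange))`, or move the parentheses so the count is halved before the multiply, `fsalloc(sizeof(fsRange) * ((src_num + 1) / 2))`, which the current guard does cover. If src_num is a plain int (its declaration is outside the hunk), `src_num + 1` is itself signed overflow at INT_MAX, which a guard on src_num alone does not exclude, and a negative src_num is rejected only because it converts to a huge size_t in the comparison; a comment such as `/* signed src_num converts to size_t here: negatives are rejected too */` would keep a later cleanup from undoing that.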
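Review bot: In the second hunk the guard uses `sizeof(fsRange)` while the allocation it protects uses `SIZEOF(fsRange)`; by the convention visible in the dispatch.c hunks (`SIZEOF(fsQueryXExtents8Req)`) the upper-case form is the protocol wire-size macro and the lower-case one the C struct size. They are presumably equal for fsRange, but the guard is only sound if `SIZEOF(fsRange) <= sizeof(fsRange)`, so use the same operator in both places, e.g. `if (src_num >= SIZE_MAX / SIZEOF(fsRange))`. A short comment, `/* keep SIZEOF(fsRange) * src_num below size_t wrap */`, would tie the guard to the fsalloc call it exists for.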