diff --git a/lib/decode.c b/lib/decode.c
index 1914096..a27a59a 100644
--- a/lib/decode.c
+++ b/lib/decode.c
@@ -886,6 +886,9 @@ quirc_decode_error_t quirc_decode(const struct quirc_code *code,
 quirc_decode_error_t err;
 struct datastream ds;
+ if (code->size > QUIRC_MAX_GRID_SIZE)
+ return QUIRC_ERROR_INVALID_GRID_SIZE;
+
 if ((code->size - 17) % 4)
 return QUIRC_ERROR_INVALID_GRID_SIZE;
diff --git a/lib/identify.c b/lib/identify.c
index 1900b67..e246629 100644
--- a/lib/identify.c
+++ b/lib/identify.c
@@ -1118,11 +1118,11 @@ void quirc_extract(const struct quirc *q, int index,
 int y;
 int i = 0;
+ memset(code, 0, sizeof(*code));
+
 if (index < 0 || index > q->num_grids)
 return;
- memset(code, 0, sizeof(*code));
-
 perspective_map(qr->c, 0.0, 0.0, &code->corners[0]);
 perspective_map(qr->c, qr->grid_size, 0.0, &code->corners[1]);
 perspective_map(qr->c, qr->grid_size, qr->grid_size,
@@ -1131,6 +1131,12 @@ void quirc_extract(const struct quirc *q, int index,
 code->size = qr->grid_size;
+ /* Skip out early so as not to overrun the buffer. quirc_decode
+ * will return an error on interpreting the code.
+ */
+ if (code->size > QUIRC_MAX_GRID_SIZE)
+ return;
+
 for (y = 0; y < qr->grid_size; y++) {
 int x;
 for (x = 0; x < qr->grid_size; x++) {
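Review bot: The new guard in quirc_decode bounds code->size only from above, and the modulo test that follows it does not reject small values either: `(13 - 17) % 4` is 0 in C, so a size below the smallest real grid passes both checks. Whether the remainder of quirc_decode (outside this hunk) rejects such sizes through a version-range check cannot be seen here; if it does not, the guard should be symmetric, e.g. `if (code->size < 21 || code->size > QUIRC_MAX_GRID_SIZE)`, 21 being the version-1 grid. A one-line comment on the new check stating that it exists so quirc_decode never trusts a size quirc_extract could not fill would also tie the two halves of this commit together for the next reader. quirc_decode's body continues outside the hunk.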
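Review bot: The index check kept as context in this hunk, `if (index < 0 || index > q->num_grids)`, is off by one: it admits `index == q->num_grids`, which is one past the last valid grid, and the commit moves memset() around it without correcting it. The comparison should be `if (index < 0 || index >= q->num_grids)`. The hunk starts after quirc_extract's opening lines, so whether a `qr` pointer into q->grids is already computed from `index` before this check cannot be confirmed here; if it is, that derivation should move below the corrected check as well. Moving memset() ahead of the early return is a good change on its own, since callers now always receive a zeroed struct on failure.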
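Review bot: The early return added after `code->size = qr->grid_size;` leaves the out-of-range size in the output as the only indication that the bitmap was not filled, and quirc_extract returns void, so a caller that reads code->cell_bitmap directly without going through quirc_decode sees an apparently valid but empty grid. The added comment should say this explicitly rather than only pointing to quirc_decode, e.g. `/* code->size is deliberately left > QUIRC_MAX_GRID_SIZE with an all-zero bitmap; quirc_decode reports QUIRC_ERROR_INVALID_GRID_SIZE for it. */`. The comparison itself is correct for a buffer sized from QUIRC_MAX_GRID_SIZE, and sharing the constant with the decode.c check keeps the two limits from drifting apart. quirc_extract's body continues outside the hunk.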