diff --git a/sys/fs/pseudofs/pseudofs_vnops.c b/sys/fs/pseudofs/pseudofs_vnops.c
--- a/sys/fs/pseudofs/pseudofs_vnops.c
+++ b/sys/fs/pseudofs/pseudofs_vnops.c
@@ -1102,6 +1102,9 @@
 	if (pn->pn_fill == NULL)
 		PFS_RETURN (EIO);
 
+	if (uio->uio_resid > PFS_MAXBUFSIZ)
+		PFS_RETURN (EIO);
+
 	/*
 	 * This is necessary because either process' privileges may
 	 * have changed since the open() call.
diff --git a/sys/kern/subr_sbuf.c b/sys/kern/subr_sbuf.c
--- a/sys/kern/subr_sbuf.c
+++ b/sys/kern/subr_sbuf.c
@@ -266,6 +266,10 @@
 	KASSERT(error != NULL,
 	    ("%s called with NULL error pointer", __func__));
 
+	if (uio->uio_resid >= INT_MAX || uio->uio_resid < SBUF_MINSIZE - 1) {
+		*error = EINVAL;
+		return (NULL);
+	}
 	s = sbuf_new(s, NULL, uio->uio_resid + 1, 0);
 	if (s == NULL) {
 		*error = ENOMEM;