diff --git a/sql/spatial.cc b/sql/spatial.cc
index 894f2a1dae5..3b98ff2a1b6 100644
--- a/sql/spatial.cc
+++ b/sql/spatial.cc
@@ -507,12 +507,13 @@ uint Gis_line_string::init_from_wkb(const char *wkb, uint len,
   const char *wkb_end;
   Gis_point p;
 
-  if (len < 4)
+  if (len < 4 ||
+      (n_points= wkb_get_uint(wkb, bo)) < 1 ||
+      n_points > max_n_points)
     return 0;
-  n_points= wkb_get_uint(wkb, bo);
   proper_length= 4 + n_points * POINT_DATA_SIZE;
 
-  if (!n_points || len < proper_length || res->reserve(proper_length))
+  if (len < proper_length || res->reserve(proper_length))
     return 0;
 
   res->q_append(n_points);
@@ -1054,9 +1055,9 @@ uint Gis_multi_point::init_from_wkb(const char *wkb, uint len, wkbByteOrder bo,
   Gis_point p;
   const char *wkb_end;
 
-  if (len < 4)
+  if (len < 4 ||
+      (n_points= wkb_get_uint(wkb, bo)) > max_n_points)
     return 0;
-  n_points= wkb_get_uint(wkb, bo);
   proper_size= 4 + n_points * (WKB_HEADER_SIZE + POINT_DATA_SIZE);
  
   if (len < proper_size || res->reserve(proper_size))
diff --git a/sql/spatial.h b/sql/spatial.h
index e93540db862..1e2decd6ef3 100644
--- a/sql/spatial.h
+++ b/sql/spatial.h
@@ -383,6 +383,10 @@ public:
 
 class Gis_line_string: public Geometry
 {
+  // Maximum number of points in LineString that can fit into String
+  static const uint32 max_n_points=
+    (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
+    POINT_DATA_SIZE;
 public:
   Gis_line_string() {}                        /* Remove gcc warning */
   virtual ~Gis_line_string() {}               /* Remove gcc warning */
@@ -439,6 +443,10 @@ public:
 
 class Gis_multi_point: public Geometry
 {
+  // Maximum number of points in MultiPoint that can fit into String
+  static const uint32 max_n_points=
+    (uint32) (UINT_MAX32 - WKB_HEADER_SIZE - 4 /* n_points */) /
+    (WKB_HEADER_SIZE + POINT_DATA_SIZE);
 public:
   Gis_multi_point() {}                        /* Remove gcc warning */
   virtual ~Gis_multi_point() {}               /* Remove gcc warning */