diff --git a/src/vrend_renderer.c b/src/vrend_renderer.c
index 510285a..20d2946 100644
--- a/src/vrend_renderer.c
+++ b/src/vrend_renderer.c
@@ -2311,6 +2311,10 @@ static void vrend_update_scissor_state(struct vrend_context *ctx)
 
    while (mask) {
       idx = u_bit_scan(&mask);
+      if (idx >= PIPE_MAX_VIEWPORTS) {
+         vrend_report_buffer_error(ctx, 0);
+         break;
+      }
       ss = &ctx->sub->ss[idx];
       if (ctx->sub->viewport_is_negative)
          y = ss->miny;
@@ -4939,6 +4943,13 @@ void vrend_set_scissor_state(struct vrend_context *ctx,
                              struct pipe_scissor_state *ss)
 {
    int i, idx;
+
+   if (start_slot > PIPE_MAX_VIEWPORTS ||
+       num_scissor > (PIPE_MAX_VIEWPORTS - start_slot)) {
+      vrend_report_buffer_error(ctx, 0);
+      return;
+   }
+
    for (i = 0; i < num_scissor; i++) {
       idx = start_slot + i;
       ctx->sub->ss[idx] = ss[i];