changeset 9967:3f1113e3ba8f

8241522: Manifest improved jar headers redux Reviewed-by: sspitsyn, jwilhelm, mschoene, rhalade, mbalao, andrew
author amenkov
date Wed, 15 Apr 2020 13:26:38 -0700
parents e5ffc34ee665
children 3e83fb280e30
files src/share/instrument/EncodingSupport.c src/share/instrument/InvocationAdapter.c
diffstat 2 files changed, 11 insertions(+), 3 deletions(-) [+]
--- a/src/share/instrument/EncodingSupport.c	Fri Apr 03 17:24:59 2020 +0800
+++ b/src/share/instrument/EncodingSupport.c	Wed Apr 15 13:26:38 2020 -0700
@@ -38,7 +38,11 @@
     int i;
 
     new_length = 0;
-    for ( i = 0 ; i < length ; i++ ) {
+    /*
+     * if length < 0 or new_length becomes < 0 => string is too big
+     * (handled as error after the cycle).
+     */
+    for ( i = 0 ; i < length && new_length >= 0 ; i++ ) {
         unsigned byte;
 
         byte = (unsigned char)string[i];
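Review bot: The added loop guard `new_length >= 0` detects overflow only after it has happened, and signed integer overflow is undefined behaviour in C, so a compiler may assume `new_length` never goes negative and drop the test. This assumes `new_length` is a signed `int`, which its declaration above the hunk would confirm. A check made before each increment inside the loop body is well defined, for example `if (new_length > INT_MAX - 2) { new_length = -1; break; }` (needs `<limits.h>`), with the constant sized to the largest per-byte increment. The loop body and the error handling after it lie outside the hunk.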
--- a/src/share/instrument/InvocationAdapter.c	Fri Apr 03 17:24:59 2020 +0800
+++ b/src/share/instrument/InvocationAdapter.c	Wed Apr 15 13:26:38 2020 -0700
@@ -206,8 +206,10 @@
         /*
          * According to JVMS class name is represented as CONSTANT_Utf8_info,
          * so its length is u2 (i.e. must be <= 0xFFFF).
+         * Negative oldLen or newLen means we got signed integer overflow
+         * (modifiedUtf8LengthOfUtf8 returns negative value if oldLen is negative).
          */
-        if (newLen > 0xFFFF) {
+        if (oldLen < 0 || newLen < 0 || newLen > 0xFFFF) {
             fprintf(stderr, "-javaagent: Premain-Class value is too big\n");
             free(jarfile);
             if (options != NULL) free(options);
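Review bot: The new `oldLen < 0` test catches an oversized attribute value only when narrowing its length to `int` happens to produce a negative number; a length at or above 2^32 can narrow to a small positive value and pass. This assumes `oldLen` is assigned from a `size_t` length above the hunk, which is not visible here. Comparing the unnarrowed length with `0xFFFF` before the conversion would reject every oversized value without depending on the sign, and the comment could then read `/* length is checked as size_t before narrowing to int */`. The same applies to the Agent-Class check in the hunk at -376,8 +378,10. The enclosing function starts and ends outside both hunks.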
@@ -376,8 +378,10 @@
         /*
          * According to JVMS class name is represented as CONSTANT_Utf8_info,
          * so its length is u2 (i.e. must be <= 0xFFFF).
+         * Negative oldLen or newLen means we got signed integer overflow
+         * (modifiedUtf8LengthOfUtf8 returns negative value if oldLen is negative).
          */
-        if (newLen > 0xFFFF) {
+        if (oldLen < 0 || newLen < 0 || newLen > 0xFFFF) {
             fprintf(stderr, "Agent-Class value is too big\n");
             free(jarfile);
             if (options != NULL) free(options);