diff --git a/src/mzscheme/src/eval.c b/src/mzscheme/src/eval.c
index c8b49b92b3..a31b1d9e52 100644
--- a/src/mzscheme/src/eval.c
+++ b/src/mzscheme/src/eval.c
@@ -10201,6 +10201,9 @@ void scheme_validate_closure(Mz_CPort *port, Scheme_Object *expr,
 char *new_stack;
 struct Validate_Clearing *vc;
+ if (data->max_let_depth < (data->num_params + data->closure_size))
+ scheme_ill_formed_code(port);
+
 sz = data->max_let_depth;
 new_stack = scheme_malloc_atomic(sz);
 memset(new_stack, VALID_NOT, sz - data->num_params - data->closure_size);
@@ -10255,7 +10258,7 @@ static void validate_unclosed_procedure(Mz_CPort *port, Scheme_Object *expr,
 sz = data->closure_size;
 }
 map = data->closure_map;
-
+
 if (sz) closure_stack = scheme_malloc_atomic(sz);
 else
@@ -10284,7 +10287,7 @@ static void validate_unclosed_procedure(Mz_CPort *port, Scheme_Object *expr,
 if (q == self_pos) self_pos_in_closure = i;
 p = q + delta;
- if ((q < 0) || (p > depth) || (stack[p] == VALID_NOT))
+ if ((q < 0) || (p >= depth) || (stack[p] == VALID_NOT))
 scheme_ill_formed_code(port);
 vld = stack[p];
 if (vld == VALID_VAL_NOCLEAR)
@@ -10679,7 +10682,7 @@ void scheme_validate_expr(Mz_CPort *port, Scheme_Object *expr,
 scheme_validate_expr(port, lv->value, stack, tls, depth, letlimit, delta, num_toplevels, num_stxes, num_lifts, NULL, 0, 0, vc, 0);
- memset(stack, VALID_NOT, delta);
+ /* memset(stack, VALID_NOT, delta); <-- seems unnecessary (and slow) */
 c = lv->count;
 q = lv->position;
@@ -10737,7 +10740,7 @@ void scheme_validate_expr(Mz_CPort *port, Scheme_Object *expr,
 c = l->count;
- if ((c < 0) || (c + delta > depth))
+ if ((c < 0) || (c + delta >= depth))
 scheme_ill_formed_code(port);
 for (i = 0; i < c; i++) {
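Review bot: The new guard in scheme_validate_closure adds `data->num_params + data->closure_size` as signed values, so it can still be passed when closure_size is negative or when the sum wraps, and the memset length `sz - data->num_params - data->closure_size` then either exceeds the `sz` bytes just allocated or goes negative. The fun.c hunk of this commit rejects negative num_params and max_let_depth, but no sign check on closure_size is visible on this page. A subtraction-based test covers both cases: `if ((data->closure_size < 0) || (data->num_params > data->max_let_depth) || (data->closure_size > data->max_let_depth - data->num_params)) scheme_ill_formed_code(port);`. The function starts and ends outside the hunk, so closure_size may already be range-checked elsewhere; that should be confirmed.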
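Review bot: In validate_unclosed_procedure (hunk at -10284) `p = q + delta` is computed before `q` is range-checked, so a very large `q` can overflow the addition and leave `p` negative, which passes `(p >= depth)` and indexes `stack[p]` below the buffer. The assignment of `q` is outside the hunk; this matters if it is read from the loaded closure map. The scheme_validate_boxenv hunk re-tests `p < 0` after adding delta, and this test has no such term. Testing before adding closes the gap, `if ((q < 0) || (q >= depth - delta) || (stack[q + delta] == VALID_NOT))`, with `p` assigned afterwards, assuming `0 <= delta <= depth` holds here (not visible in the hunk). The `c + delta >= depth` test in the scheme_validate_expr hunk at -10737 has the same shape and could read `c >= depth - delta`.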
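Review bot: Commenting out `memset(stack, VALID_NOT, delta)` in scheme_validate_expr (hunk at -10679) drops a reset of the validator's slot marks on the strength of "seems unnecessary" and leaves dead code in place. If later tests such as `stack[p] == VALID_NOT` depend on the slots below `delta` having been cleared at this point, stale marks would let an ill-formed reference validate; nothing in the hunk shows which invariant makes the reset redundant. I would delete the call outright and state that invariant in its place, e.g. `/* slots below delta are already VALID_NOT here because <reason> */`, or keep the reset if the invariant cannot be stated.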
@@ -10828,7 +10831,8 @@ void scheme_validate_toplevel(Scheme_Object *expr, Mz_CPort *port,
 void scheme_validate_boxenv(int p, Mz_CPort *port, char *stack, int depth, int delta)
 {
- p += delta;
+ if (p >= 0)
+ p += delta;
 if ((p < 0) || (p >= depth) || (stack[p] != VALID_VAL)) scheme_ill_formed_code(port);
diff --git a/src/mzscheme/src/fun.c b/src/mzscheme/src/fun.c
index ff2731e552..df919cb3a5 100644
--- a/src/mzscheme/src/fun.c
+++ b/src/mzscheme/src/fun.c
@@ -8525,9 +8525,11 @@ static Scheme_Object *read_compiled_closure(Scheme_Object *obj)
 v = SCHEME_CAR(obj);
 obj = SCHEME_CDR(obj);
 data->num_params = SCHEME_INT_VAL(v);
+ if (data->num_params < 0) return NULL;
 if (!SCHEME_PAIRP(obj)) return NULL;
 data->max_let_depth = SCHEME_INT_VAL(SCHEME_CAR(obj));
+ if (data->max_let_depth < 0) return NULL;
 obj = SCHEME_CDR(obj);
 if (!SCHEME_PAIRP(obj)) return NULL;
diff --git a/src/mzscheme/src/read.c b/src/mzscheme/src/read.c
index 0f18b20ba7..1c65afc98a 100644
--- a/src/mzscheme/src/read.c
+++ b/src/mzscheme/src/read.c
@@ -4347,7 +4347,7 @@ static Scheme_Object *read_compact_svector(CPort *port, int l)
 o->type = scheme_svector_type;
 SCHEME_SVEC_LEN(o) = l;
- if (l)
+ if (l > 0)
 v = MALLOC_N_ATOMIC(mzshort, l);
 else v = NULL;
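Review bot: In read_compiled_closure `SCHEME_INT_VAL` is applied to `v` and to `SCHEME_CAR(obj)` with no fixnum test visible in the hunk, so a non-integer element in the compiled form is decoded as an arbitrary number and the new sign checks reject only the negative ones. Adding `if (!SCHEME_INTP(v)) return NULL;` before the first extraction, and the same test on `SCHEME_CAR(obj)` before the second, makes the expected type explicit. The checks also leave max_let_depth unbounded above, and scheme_validate_closure passes it directly to `scheme_malloc_atomic(sz)`; an upper limit here or in the validator would cap the allocation a loaded closure can request. The function continues outside the hunk.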
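Review bot: `SCHEME_SVEC_LEN(o) = l` is stored before the new `l > 0` test in read_compact_svector, so a negative `l` now produces an svector whose recorded length is negative and whose array is NULL. Whether consumers cope with that depends on how they compare indices against the length, which is not visible here; rejecting `l < 0` through the reader's existing error path before the store would be safer than returning the object. For large positive `l` it is also worth confirming that `MALLOC_N_ATOMIC(mzshort, l)` cannot overflow its size computation. The function body starts and ends outside the hunk.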