diff --git a/.pick_status.json b/.pick_status.json
index 89ac320bd81..17675369b10 100644
--- a/.pick_status.json
+++ b/.pick_status.json
@@ -1384,7 +1384,7 @@
 "description": "mesa/bufferobj: ensure that very large width+offset are always rejected",
 "nominated": true,
 "nomination_type": 0,
- "resolution": 0,
+ "resolution": 1,
 "main_sha": null,
 "because_sha": null,
 "notes": null
diff --git a/src/mesa/main/bufferobj.c b/src/mesa/main/bufferobj.c
index 64ed8024554..0e6e4760658 100644
--- a/src/mesa/main/bufferobj.c
+++ b/src/mesa/main/bufferobj.c
@@ -3373,14 +3373,14 @@ copy_buffer_sub_data(struct gl_context *ctx, struct gl_buffer_object *src,
 return;
 }
- if (readOffset + size > src->Size) {
+ if (size > src->Size || readOffset > src->Size - size) {
 _mesa_error(ctx, GL_INVALID_VALUE, "%s(readOffset %d + size %d > src_buffer_size %d)", func, (int) readOffset, (int) size, (int) src->Size);
 return;
 }
- if (writeOffset + size > dst->Size) {
+ if (size > dst->Size || writeOffset > dst->Size - size) {
 _mesa_error(ctx, GL_INVALID_VALUE, "%s(writeOffset %d + size %d > dst_buffer_size %d)", func, (int) writeOffset, (int) size, (int) dst->Size);
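Review bot: The `_mesa_error` calls under both rewritten checks in copy_buffer_sub_data still cast `readOffset`, `writeOffset`, `size` and the buffer `Size` to `(int)` and print them with `%d`. If these are pointer-sized GL types, as the commit title suggests, the very large values this fix now rejects will be logged truncated. A 64-bit form would keep the diagnostic accurate, e.g. `(int64_t) readOffset` printed with `%" PRId64 "`, and likewise for the other arguments. The new comparisons are also only overflow-free if negative `size` and offsets were rejected earlier; that is not visible here, since the hunk opens on the tail of a preceding check and the function starts and ends outside it. A comment above the first check would keep the subtraction form from being simplified back into the addition, e.g. `/* compare offset against Size - size: offset + size can overflow */`.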