diff --git a/Python/fileutils.c b/Python/fileutils.c
index 439bc351596f..e2c6895cf0be 100644
--- a/Python/fileutils.c
+++ b/Python/fileutils.c
@@ -407,7 +407,8 @@ decode_current_locale(const char* arg, wchar_t **wstr, size_t *wlen,
 /* Only use the result if it contains no surrogate characters. */
 for (tmp = res; *tmp != 0 &&
- !Py_UNICODE_IS_SURROGATE(*tmp); tmp++)
+ !Py_UNICODE_IS_SURROGATE(*tmp) &&
+ *tmp >= 0 && *tmp <= 0x10ffffL; tmp++)
 ;
 if (*tmp == 0) {
 if (wlen != NULL) {
@@ -453,7 +454,7 @@ decode_current_locale(const char* arg, wchar_t **wstr, size_t *wlen,
 goto decode_error;
 }
- if (converted == (size_t)-1) {
+ if (converted == (size_t)-1 || (*out < 0 || *out > 0x10FFFFL)) {
 if (!surrogateescape) {
 goto decode_error;
 }
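Review bot: The range test added to the `for` condition, `*tmp >= 0 && *tmp <= 0x10ffffL`, only does its job where `wchar_t` is a signed 32-bit type. With an unsigned `wchar_t` the `>= 0` half is always true and compilers warn about it, and with a 16-bit `wchar_t` the upper bound can never fail. The second hunk repeats the same test inverted as `*out < 0 || *out > 0x10FFFFL`, with the constant spelled differently, so the two copies can drift apart. Since this check is presumably what keeps out-of-range values from the C library's decoder out of the decoded string, I would put it in one file-local helper used at both sites, e.g. `static int is_valid_wide_char(wchar_t ch) { return (unsigned long)ch <= 0x10FFFFUL; }`. decode_current_locale begins and ends outside this hunk.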
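Review bot: The condition `converted == (size_t)-1 || (*out < 0 || *out > 0x10FFFFL)` now sends two different situations down the same error path: a conversion that failed, and one that succeeded but stored an out-of-range value in `*out`. In the second case `converted` holds a byte count rather than `(size_t)-1`, and the conversion state has presumably already advanced. The recovery code lies outside this hunk, so it should be confirmed that it depends on neither. A comment above the `if` would make the intent clear, for example `/* Also reject a successful conversion whose result is not a valid code point. */`, and the inner parentheses can go.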