diff --git a/src/p_mach.cpp b/src/p_mach.cpp
index 03c2b5a3..ef6be775 100644
--- a/src/p_mach.cpp
+++ b/src/p_mach.cpp
@@ -496,7 +496,9 @@ void PackMachPPC32::pack4(OutputFile *fo, Filter &ft)  // append PackHeader
         secXHDR.offset -= sizeof(uuid_cmd) + sizeof(linkitem);
     }
     secXHDR.addr += secXHDR.offset;
-    unsigned const foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    unsigned foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    if (foff1 < segTEXT.vmsize)
+        foff1 += PAGE_SIZE;  // codesign disallows overhang
     segLINK.fileoff = foff1;
     segLINK.vmaddr = segTEXT.vmaddr + foff1;
     fo->seek(foff1 - 1, SEEK_SET); fo->write("", 1);
@@ -538,7 +540,9 @@ void PackMachI386::pack4(OutputFile *fo, Filter &ft)  // append PackHeader
         secXHDR.offset -= sizeof(uuid_cmd) + sizeof(linkitem);
     }
     secXHDR.addr += secXHDR.offset;
-    unsigned const foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    unsigned foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    if (foff1 < segTEXT.vmsize)
+        foff1 += PAGE_SIZE;  // codesign disallows overhang
     segLINK.fileoff = foff1;
     segLINK.vmaddr = segTEXT.vmaddr + foff1;
     fo->seek(foff1 - 1, SEEK_SET); fo->write("", 1);
@@ -580,7 +584,9 @@ void PackMachAMD64::pack4(OutputFile *fo, Filter &ft)  // append PackHeader
         secXHDR.offset -= sizeof(uuid_cmd) + sizeof(linkitem);
     }
     secXHDR.addr += secXHDR.offset;
-    unsigned const foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    unsigned foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    if (foff1 < segTEXT.vmsize)
+        foff1 += PAGE_SIZE;  // codesign disallows overhang
     segLINK.fileoff = foff1;
     segLINK.vmaddr = segTEXT.vmaddr + foff1;
     fo->seek(foff1 - 1, SEEK_SET); fo->write("", 1);
@@ -622,7 +628,9 @@ void PackMachARMEL::pack4(OutputFile *fo, Filter &ft)  // append PackHeader
         secXHDR.offset -= sizeof(uuid_cmd) + sizeof(linkitem);
     }
     secXHDR.addr += secXHDR.offset;
-    unsigned const foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    unsigned foff1 = (PAGE_MASK & (~PAGE_MASK + segTEXT.filesize));
+    if (foff1 < segTEXT.vmsize)
+        foff1 += PAGE_SIZE;  // codesign disallows overhang
     segLINK.fileoff = foff1;
     segLINK.vmaddr = segTEXT.vmaddr + foff1;
     fo->seek(foff1 - 1, SEEK_SET); fo->write("", 1);
diff --git a/src/p_unix.cpp b/src/p_unix.cpp
index 94e73794..ebee464f 100644
--- a/src/p_unix.cpp
+++ b/src/p_unix.cpp
@@ -505,8 +505,10 @@ int PackUnix::canUnpack()
 {
     int const small = 32 + sizeof(overlay_offset);
     // Allow zero-filled last page, for Mac OS X code signing.
-    upx_byte buf[4096 + 2*small +1];
-    const int bufsize = sizeof(buf);
+    int bufsize = 2*4096 + 2*small +1;
+    if (bufsize > fi->st_size())
+        bufsize = fi->st_size();
+    upx_byte buf[bufsize];
 
     fi->seek(-bufsize, SEEK_END);
     fi->readx(buf, bufsize);