diff --git a/src/radeon_video.c b/src/radeon_video.c index ac60166..3b425db 100644 --- a/src/radeon_video.c +++ b/src/radeon_video.c @@ -3044,6 +3044,17 @@ RADEONPutImage( if (pPriv->video_offset == 0) return BadAlloc; + /* video overlay only has 27 bits for offset */ + if (pPriv->video_offset > 0xffffff0) { + xf86DrvMsg(pScrn->scrnIndex, X_ERROR, + "Memory allocation outside overlay address range\n"); + if (pPriv->video_memory != NULL) { + RADEONFreeMemory(pScrn, pPriv->video_memory); + pPriv->video_memory = NULL; + } + return BadAlloc; + } + pPriv->currentBuffer ^= 1; /* copy data */ @@ -3272,6 +3283,17 @@ RADEONAllocateSurface( if (offset == 0) return BadAlloc; + /* video overlay only has 27 bits for offset */ + if (offset > 0xffffff0) { + xf86DrvMsg(pScrn->scrnIndex, X_ERROR, + "Memory allocation outside overlay address range\n"); + if (surface_memory != NULL) { + RADEONFreeMemory(pScrn, surface_memory); + surface_memory = NULL; + } + return BadAlloc; + } + surface->width = w; surface->height = h; @@ -3608,6 +3630,17 @@ RADEONPutVideo( if (pPriv->video_offset == 0) return BadAlloc; + /* video overlay only has 27 bits for offset */ + if (pPriv->video_offset > 0xffffff0) { + xf86DrvMsg(pScrn->scrnIndex, X_ERROR, + "Memory allocation outside overlay address range\n"); + if (pPriv->video_memory != NULL) { + RADEONFreeMemory(pScrn, pPriv->video_memory); + pPriv->video_memory = NULL; + } + return BadAlloc; + } + /* I have suspicion that capture engine must be active _before_ Rage Theatre is being manipulated with.. */
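Review bot: The bound in the new `if (pPriv->video_offset > 0xffffff0)` check in RADEONPutImage does not match its comment: `0xffffff0` is a 28-bit value (2^28 - 16), while the comment says the overlay has 27 bits for the offset, and the same comment/constant pair is repeated in the RADEONAllocateSurface and RADEONPutVideo hunks. If the field really is 27 bits, offsets from 0x8000000 up to 0xffffff0 still pass and would presumably be truncated when programmed into the overlay, so it would scan out video memory other than the buffer that was allocated. The test also covers only the start of the allocation; the size is not visible in these hunks, but the end of the buffer (`offset + size`) should be held to the same limit. I would define the limit once, e.g. `#define RADEON_OVERLAY_MAX_OFFSET 0xffffff0 /* TODO: confirm field width against the register spec */`, and use it in all three checks so that comment and constant cannot drift apart. All three functions begin and end outside their hunks, so whether the stale `pPriv->video_offset` is read again after the buffer is freed cannot be judged from here.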