diff --git a/src/ChangeLog b/src/ChangeLog
index a06c09837c5fdeede4d268659d1865100d8e0a04..09fae66d03bf2fe28f3bcdcf7f6e596ccfad8c84 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,9 @@
+2011-03-30  Larry Jones  <lawrence.jones@siemens.com>
+
+	* gpg.c (parse_signature_subpacket): Correct spout->raw memory
+	allocation. 
+	(Reported by David Taylor <dtaylor@emc.com>.)
+
 2010-10-21  Larry Jones  <lawrence.jones@siemens.com>
 
 	* rcs.c (apply_rcs_changes): Correct deltatext position sanity
diff --git a/src/gpg.c b/src/gpg.c
index 6ae98f5e3fbfc96ce4987de77aae6bca9486bb71..f70a705e13e618b0b5befe98513e8b61236ec5a0 100644
--- a/src/gpg.c
+++ b/src/gpg.c
@@ -403,8 +403,8 @@ parse_signature_subpacket (struct buffer *bpin,
   uint32_t splen;
   size_t raw_idx = 0;
 
-  /* Enough to store the subpacket length.  */
-  spout->raw = xmalloc (4);
+  /* Enough to store the subpacket header.  */
+  spout->raw = xmalloc (5);
 
   if ((rc = read_u8 (bpin, &c)))
     return rc;
@@ -435,7 +435,7 @@ parse_signature_subpacket (struct buffer *bpin,
     error (1, 0, "Received zero length subpacket in OpenPGP signature.");
 
   /* Allocate enough bytes for the rest of the subpacket.  */
-  spout->raw = xrealloc (spout->raw, splen);
+  spout->raw = xrealloc (spout->raw, raw_idx + splen);
 
   /* Read the subpacket type.  */
   if ((rc = read_u8 (bpin, &c)))