diff --git a/render/animcur.c b/render/animcur.c
index 752e2d4bf..63501c959 100644
--- a/render/animcur.c
+++ b/render/animcur.c
@@ -298,6 +298,9 @@ int
 AnimCursorCreate(CursorPtr *cursors, CARD32 *deltas, int ncursor,
 CursorPtr *ppCursor, ClientPtr client, XID cid)
 {
+ if (ncursor <= 0)
+ return BadValue;
+
 CursorPtr pCursor;
 int rc = BadAlloc, i;
 AnimCurPtr ac;
diff --git a/render/render.c b/render/render.c
index 9384ae59b..5e1e1983d 100644
--- a/render/render.c
+++ b/render/render.c
@@ -1784,10 +1784,8 @@ static int
 ProcRenderCreateAnimCursor(ClientPtr client)
 {
 REQUEST(xRenderCreateAnimCursorReq);
- CursorPtr *cursors;
 CARD32 *deltas;
 CursorPtr pCursor;
- int ncursor;
 xAnimCursorElt *elt;
 int i;
 int ret;
@@ -1796,10 +1794,14 @@ ProcRenderCreateAnimCursor(ClientPtr client)
 LEGAL_NEW_RESOURCE(stuff->cid, client);
 if (client->req_len & 1)
 return BadLength;
- ncursor =
+
+ int ncursor =
 (client->req_len -
 (bytes_to_int32(sizeof(xRenderCreateAnimCursorReq)))) >> 1;
- cursors = calloc(ncursor, sizeof(CursorPtr) + sizeof(CARD32));
+ if (ncursor <= 0)
+ return BadValue;
+
+ CursorPtr *cursors = calloc(ncursor, sizeof(CursorPtr) + sizeof(CARD32));
 if (!cursors)
 return BadAlloc;
 deltas = (CARD32 *) (cursors + ncursor);
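Review bot: The `ncursor <= 0` guard added at the top of AnimCursorCreate in render/animcur.c carries no comment, so a later reader cannot tell that it is a precondition the function enforces itself rather than trusting the caller, which now makes the same check in ProcRenderCreateAnimCursor. I would add `/* Reject an empty or negative cursor list here as well; do not rely on callers to have validated ncursor. */` above it. The guard also sits ahead of the `CursorPtr pCursor;` declarations, so moving it below `AnimCurPtr ac;` would keep the declarations grouped at the top of the block. The body continues past the end of this hunk, so how ncursor is used afterwards is not visible here.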
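Review bot: In the second render/render.c hunk the `ncursor <= 0` test only helps if the subtraction above it can actually yield a non-positive `int`; if `client->req_len` is an unsigned field and is smaller than the header word count, the difference would wrap and the shifted result could be large and positive, passing the check and sizing the `calloc`. Whether a minimum-length check (for example a REQUEST_AT_LEAST_SIZE-style macro) runs in the lines between the two hunks is not visible here, so this should be confirmed. If it does not, a guard such as `if (client->req_len < bytes_to_int32(sizeof(xRenderCreateAnimCursorReq))) return BadLength;` ahead of the subtraction makes the bound explicit. The function starts before and continues after this hunk.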