diff --git a/gfx/2d/DrawTargetCairo.cpp b/gfx/2d/DrawTargetCairo.cpp
index 0c09dc6b1b..2f82ed99c2 100644
--- a/gfx/2d/DrawTargetCairo.cpp
+++ b/gfx/2d/DrawTargetCairo.cpp
@@ -212,6 +212,7 @@ ReleaseData(void* aData)
 
 cairo_surface_t*
 CopyToImageSurface(unsigned char *aData,
+                   const IntSize& aSize,
                    const IntRect &aRect,
                    int32_t aStride,
                    SurfaceFormat aFormat)
@@ -234,7 +235,8 @@ CopyToImageSurface(unsigned char *aData,
   size_t surfStride = cairo_image_surface_get_stride(surf);
   size_t pixelWidth = BytesPerPixel(aFormat);
   size_t rowDataWidth = size_t(aRect.width) * pixelWidth;
-  if (rowDataWidth > surfStride || rowDataWidth > size_t(aStride)) {
+  if (rowDataWidth > surfStride || rowDataWidth > size_t(aStride) ||
+      !IntRect(IntPoint(), aSize).Contains(aRect)) {
     cairo_surface_destroy(surf);
     return nullptr;
   }
@@ -272,12 +274,13 @@ cairo_surface_t* GetAsImageSurface(cairo_surface_t* aSurface)
 }
 
 cairo_surface_t* CreateSubImageForData(unsigned char* aData,
+                                       const IntSize& aSize,
                                        const IntRect& aRect,
                                        int aStride,
                                        SurfaceFormat aFormat)
 {
-  if (!aData || aStride < 0) {
-    gfxWarning() << "DrawTargetCairo.CreateSubImageForData invalid aData or stride";
+  if (!aData || aStride < 0 || !IntRect(IntPoint(), aSize).Contains(aRect)) {
+    gfxWarning() << "DrawTargetCairo.CreateSubImageForData invalid data";
     return nullptr;
   }
   unsigned char* data = aData + 
@@ -309,6 +312,8 @@ cairo_surface_t* ExtractSubImage(cairo_surface_t* aSurface,
   cairo_surface_t* image = GetAsImageSurface(aSurface);
   if (image) {
     image = CreateSubImageForData(cairo_image_surface_get_data(image),
+                                  IntSize(cairo_image_surface_get_width(image),
+                                          cairo_image_surface_get_height(image)),
                                   aSubImage,
                                   cairo_image_surface_get_stride(image),
                                   aFormat);
@@ -389,7 +394,7 @@ GetCairoSurfaceForSourceSurface(SourceSurface *aSurface,
   }
 
   cairo_surface_t* surf =
-    CreateSubImageForData(map.mData, subimage,
+    CreateSubImageForData(map.mData, data->GetSize(), subimage,
                           map.mStride, data->GetFormat());
 
   // In certain scenarios, requesting larger than 8k image fails.  Bug 803568
@@ -404,6 +409,7 @@ GetCairoSurfaceForSourceSurface(SourceSurface *aSurface,
       // data.
       cairo_surface_t* result =
         CopyToImageSurface(map.mData,
+                           data->GetSize(),
                            subimage,
                            map.mStride,
                            data->GetFormat());
@@ -1714,8 +1720,11 @@ DrawTargetCairo::CreateSourceSurfaceFromData(unsigned char *aData,
     return nullptr;
   }
 
-  cairo_surface_t* surf = CopyToImageSurface(aData, IntRect(IntPoint(), aSize),
-                                             aStride, aFormat);
+  cairo_surface_t* surf = CopyToImageSurface(aData,
+                                             aSize,
+                                             IntRect(IntPoint(), aSize),
+                                             aStride,
+                                             aFormat);
   if (!surf) {
     return nullptr;
   }