diff --git a/library/ecdsa.c b/library/ecdsa.c
index dc169cefc2..3484a740ec 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -220,8 +220,8 @@ int ecdsa_write_signature( ecdsa_context *ctx,
                            void *p_rng )
 {
     int ret;
-    unsigned char buf[MAX_SIG_LEN + 3];
-    unsigned char *p = buf + MAX_SIG_LEN;
+    unsigned char buf[MAX_SIG_LEN];
+    unsigned char *p = buf + sizeof( buf );
     size_t len = 0;
 
     if( ( ret = ecdsa_sign( &ctx->grp, &ctx->r, &ctx->s, &ctx->d,
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 7e500bba12..a88bf1f7f6 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -135,7 +135,7 @@ int main( int argc, char *argv[] )
         printf( " failed\n  ! ecdsa_genkey returned %d\n", ret );
         goto exit;
     }
-    printf( " ok\n" );
+    printf( " ok (signature length = %zu)\n", sig_len );
 
     /*
      * Signature is serialized as defined by RFC 4492 p. 20,