diff --git a/core/rec-ARM/rec_arm.cpp b/core/rec-ARM/rec_arm.cpp
index 5fc052852..edd80b625 100644
--- a/core/rec-ARM/rec_arm.cpp
+++ b/core/rec-ARM/rec_arm.cpp
@@ -778,6 +778,9 @@ bool Arm32Dynarec::rewrite(host_context_t& context, void *faultAddress)
 u32 full;
 };
+ if ((u8 *)context.pc < (u8 *)codeBuffer->getBase()
+ || (u8 *)context.pc >= (u8 *)codeBuffer->getBase() + codeBuffer->getSize())
+ return false;
 u32 *regs = context.reg;
 arm_mem_op *ptr = (arm_mem_op *)context.pc;
diff --git a/core/rec-ARM64/rec_arm64.cpp b/core/rec-ARM64/rec_arm64.cpp
index b80268ec5..93ad61c74 100644
--- a/core/rec-ARM64/rec_arm64.cpp
+++ b/core/rec-ARM64/rec_arm64.cpp
@@ -2313,9 +2313,12 @@ public:
 8,
 };
- jitWriteProtect(*codeBuffer, false);
 //LOGI("Sh4Dynarec::rewrite pc %zx\n", context.pc);
 u32 *code_ptr = (u32 *)CC_RX2RW(context.pc);
+ if ((u8 *)code_ptr < (u8 *)codeBuffer->getBase()
+ || (u8 *)code_ptr >= (u8 *)codeBuffer->getBase() + codeBuffer->getSize())
+ return false;
+ jitWriteProtect(*codeBuffer, false);
 u32 armv8_op = *code_ptr;
 bool is_read = false;
 u32 size = 0;
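Review bot: In core/rec-ARM/rec_arm.cpp the new range test on `context.pc` has no comment saying why a fault outside the code buffer is refused, and the same three-line test is repeated in core/rec-ARM64/rec_arm64.cpp. A comment above the `if`, such as `// pc is not inside generated code: this fault is not ours, so do not touch memory at pc`, would record that the guard keeps the handler from reinterpreting an arbitrary address as an `arm_mem_op` (and, judging by the function name, rewriting it). Because both back ends need the same containment test, a single shared helper taking the pointer and the buffer would stop the two copies drifting apart. Arm32Dynarec::rewrite begins and ends outside the hunk.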
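Review bot: In core/rec-ARM64/rec_arm64.cpp every exit that follows `jitWriteProtect(*codeBuffer, false)` should restore protection before returning, for example `jitWriteProtect(*codeBuffer, true);` ahead of any later `return false`. The unprotect call now sits below the new range check, so that early return leaves the buffer protected. The rest of the function is outside the hunk, though, so a later failure path (an opcode the decoder does not recognise, say) may still return with the JIT region writable. This needs confirming against the full body. A short comment on the moved call, such as `// unprotect only once pc is known to be inside the code buffer`, would also keep the ordering from being undone in a later cleanup.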