diff --git a/modules/im/ximcp/imLcPrs.c b/modules/im/ximcp/imLcPrs.c
index 60215c70..795ea719 100644
--- a/modules/im/ximcp/imLcPrs.c
+++ b/modules/im/ximcp/imLcPrs.c
@@ -676,8 +676,10 @@ parseline(
 goto error;
 b->tree = new;
 b->treesize = newsize;
+ /* Re-derive top after realloc() to avoid undefined behaviour
+ (and crashes on architectures that track pointer bounds). */
 if (top >= (DTIndex *) old && top < (DTIndex *) &old[oldsize])
- top = (DTIndex *) (((char *) top) + (((char *)b->tree)-(char *)old));
+ top = (DTIndex *) (((char *)new) + (((char *)top)-(char *)old));
 }
 p = &b->tree[b->treeused];
 p->keysym = buf[i].keysym;
diff --git a/src/xlibi18n/lcDB.c b/src/xlibi18n/lcDB.c
index 48a10791..8b02b67e 100644
--- a/src/xlibi18n/lcDB.c
+++ b/src/xlibi18n/lcDB.c
@@ -517,11 +517,13 @@ append_value_list (void)
 }
 if (value != *value_list) {
 int i;
- ssize_t delta;
- delta = value - *value_list;
+ char *old_list;
+ old_list = *value_list;
 *value_list = value;
+ /* Re-derive pointers from the new realloc() result to avoid undefined
+ behaviour (and crashes on architectures with pointer bounds). */
 for (i = 1; i < value_num; ++i) {
- value_list[i] += delta;
+ value_list[i] = value + (value_list[i] - old_list);
 }
 }
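Review bot: In the imLcPrs.c hunk the range test `top >= (DTIndex *) old && top < (DTIndex *) &old[oldsize]` and the new `((char *)top)-(char *)old` still read `old` and `top` after the reallocation the added comment refers to. If the block moved, both are computed from pointers into freed storage, which is the undefined behaviour the comment says the change avoids. Deriving the result from `new` helps bounds-tracking targets, but a strictly conforming version would record the membership test and `ptrdiff_t top_off = (char *)top - (char *)b->tree;` before the reallocation and afterwards only do `top = (DTIndex *)((char *)new + top_off);`. The lcDB.c hunk has the same pattern in `value_list[i] - old_list`. The reallocation call and the rest of parseline lie outside this hunk, so the placement is inferred.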
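Review bot: The guard `if (value != *value_list)` in append_value_list compares the new pointer with the stale one, and when the addresses are equal no entry is re-derived, so every stored entry keeps a pointer that came from the pre-realloc allocation. If the aim is that every stored pointer derives from the latest result, the loop could run unconditionally from index 0, e.g. `for (i = 0; i < value_num; ++i) value_list[i] = value + (value_list[i] - old_list);` with `old_list` saved as it is now. Whether an in-place reallocation returns a pointer with different bounds depends on the allocator, so this is worth confirming on the target platform. The function begins and ends outside the hunk.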