diff --git a/src/script/interpreter.cpp b/src/script/interpreter.cpp
--- a/src/script/interpreter.cpp
+++ b/src/script/interpreter.cpp
@@ -1123,9 +1123,9 @@
                         const valtype &data = stacktop(-2);
 
                         // Make sure the split point is appropriate.
-                        uint64_t position =
+                        int position =
                             CScriptNum(stacktop(-1), fRequireMinimal).getint();
-                        if (position > data.size()) {
+                        if (position < 0 || position > (int)data.size()) {
                             return set_error(serror,
                                              SCRIPT_ERR_INVALID_SPLIT_RANGE);
                         }
@@ -1150,8 +1150,12 @@
                                 serror, SCRIPT_ERR_INVALID_STACK_OPERATION);
                         }
 
-                        uint64_t size =
-                            CScriptNum(stacktop(-1), fRequireMinimal).getint();
+                        CScriptNum bnSize(stacktop(-1), fRequireMinimal);
+                        if (bnSize < 0) {
+                            return set_error(serror,
+                                             SCRIPT_ERR_NEGATIVE_NUMBER);
+                        }
+                        unsigned int size = bnSize.getint();
                         if (size > MAX_SCRIPT_ELEMENT_SIZE) {
                             return set_error(serror, SCRIPT_ERR_PUSH_SIZE);
                         }
diff --git a/src/script/script_error.h b/src/script/script_error.h
--- a/src/script/script_error.h
+++ b/src/script/script_error.h
@@ -25,6 +25,7 @@
     SCRIPT_ERR_INVALID_NUMBER_RANGE,
     SCRIPT_ERR_IMPOSSIBLE_ENCODING,
     SCRIPT_ERR_INVALID_SPLIT_RANGE,
+    SCRIPT_ERR_NEGATIVE_NUMBER,
 
     /* Failed verify operations */
     SCRIPT_ERR_VERIFY,
diff --git a/src/script/script_error.cpp b/src/script/script_error.cpp
--- a/src/script/script_error.cpp
+++ b/src/script/script_error.cpp
@@ -45,6 +45,8 @@
             return "The requested encoding is impossible to satisfy";
         case SCRIPT_ERR_INVALID_SPLIT_RANGE:
             return "Invalid OP_SPLIT range";
+        case SCRIPT_ERR_NEGATIVE_NUMBER:
+            return "Given operand is a negative number";
         case SCRIPT_ERR_BAD_OPCODE:
             return "Opcode missing or not understood";
         case SCRIPT_ERR_DISABLED_OPCODE:
diff --git a/src/test/data/script_tests.json b/src/test/data/script_tests.json
--- a/src/test/data/script_tests.json
+++ b/src/test/data/script_tests.json
@@ -889,7 +889,7 @@
 ["-42 10", "NUM2BIN 0x0a 0x2a000000000000000080 EQUAL", "P2SH,STRICTENC", "OK", "NUM2BIN, large materialization"],
 ["-42 520", "NUM2BIN", "P2SH,STRICTENC", "OK", "Pushing 520 bytes is ok"],
 ["-42 521", "NUM2BIN", "P2SH,STRICTENC", "PUSH_SIZE", "Pushing 521 bytes is not"],
-["-42 -3", "NUM2BIN", "P2SH,STRICTENC", "PUSH_SIZE", "Negative size"],
+["-42 -3", "NUM2BIN", "P2SH,STRICTENC", "NEGATIVE_NUMBER", "Negative size"],
 ["0x05 0xabcdef4280 4", "NUM2BIN 0x04 0xabcdefc2 EQUAL", "P2SH,STRICTENC", "OK", "Item size reduction"],
 ["0x03 0xabcdef 2", "NUM2BIN", "P2SH,STRICTENC", "IMPOSSIBLE_ENCODING", "output too small"],
 ["0x03 0xabcdef 3", "NUM2BIN", "P2SH,STRICTENC", "OK"],
diff --git a/src/test/script_tests.cpp b/src/test/script_tests.cpp
--- a/src/test/script_tests.cpp
+++ b/src/test/script_tests.cpp
@@ -60,6 +60,7 @@
     {SCRIPT_ERR_INVALID_NUMBER_RANGE, "INVALID_NUMBER_RANGE"},
     {SCRIPT_ERR_IMPOSSIBLE_ENCODING, "IMPOSSIBLE_ENCODING"},
     {SCRIPT_ERR_INVALID_SPLIT_RANGE, "SPLIT_RANGE"},
+    {SCRIPT_ERR_NEGATIVE_NUMBER, "NEGATIVE_NUMBER"},
     {SCRIPT_ERR_VERIFY, "VERIFY"},
     {SCRIPT_ERR_EQUALVERIFY, "EQUALVERIFY"},
     {SCRIPT_ERR_CHECKMULTISIGVERIFY, "CHECKMULTISIGVERIFY"},