diff --git a/Lib/test/pickletester.py b/Lib/test/pickletester.py
index c22085ad5c5..2454af13edd 100644
--- a/Lib/test/pickletester.py
+++ b/Lib/test/pickletester.py
@@ -1029,6 +1029,15 @@ class AbstractPickleModuleTests(unittest.TestCase):
         exec teststr in {'__builtins__': builtins}, d
         d['f']()
 
+    def test_bad_input(self):
+        # Test issue4298
+        s = '\x58\0\0\0\x54'
+        self.assertRaises(EOFError, self.module.loads, s)
+        # Test issue7455
+        s = '0'
+        # XXX Why doesn't pickle raise UnpicklingError?
+        self.assertRaises((IndexError, cPickle.UnpicklingError),
+                          self.module.loads, s)
 
 class AbstractPersistentPicklerTests(unittest.TestCase):
 
diff --git a/Misc/NEWS b/Misc/NEWS
index dbdf47a1072..85faf59415b 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -48,6 +48,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #7455: Fix possible crash in cPickle on invalid input.  Patch by
+  Victor Stinner.
+
 - Issue #6511: ZipFile now raises BadZipfile (instead of an IOError) when
   opening an empty or very small file.
 
diff --git a/Modules/cPickle.c b/Modules/cPickle.c
index 4e53ae67227..331fca2f7c2 100644
--- a/Modules/cPickle.c
+++ b/Modules/cPickle.c
@@ -4033,7 +4033,7 @@ load_pop(Unpicklerobject *self)
 	*/
 	if (self->num_marks > 0 && self->marks[self->num_marks - 1] == len) {
 		self->num_marks--;
-	} else if (len >= 0) {
+	} else if (len > 0) {
 		len--;
 		Py_DECREF(self->stack->data[len]);
 		self->stack->length = len;