diff --git a/src/signTxOutput.c b/src/signTxOutput.c
index a412c65d..21ccaa89 100644
--- a/src/signTxOutput.c
+++ b/src/signTxOutput.c
@@ -743,6 +743,10 @@ static void handleDatumInline(read_view_t* view)
 		VALIDATE(chunkSize > 0, ERR_INVALID_DATA);
 		VALIDATE(chunkSize <= MAX_CHUNK_SIZE, ERR_INVALID_DATA);
 		VALIDATE(chunkSize <= subctx->stateData.datumRemainingBytes, ERR_INVALID_DATA);
+		if (subctx->stateData.datumRemainingBytes >= MAX_CHUNK_SIZE) {
+			// forces to use chunks of maximum allowed size
+			VALIDATE(chunkSize == MAX_CHUNK_SIZE, ERR_INVALID_DATA);
+		}
 
 		view_parseBuffer(subctx->stateData.datumChunk, view, chunkSize);
 		VALIDATE(view_remainingSize(view) == 0, ERR_INVALID_DATA);
@@ -936,7 +940,10 @@ static void handleRefScriptChunkAPDU(const uint8_t* wireDataBuffer, size_t wireD
 		TRACE("chunkSize = %u", chunkSize);
 		VALIDATE(chunkSize > 0, ERR_INVALID_DATA);
 		VALIDATE(chunkSize <= MAX_CHUNK_SIZE, ERR_INVALID_DATA);
-
+		if (subctx->stateData.datumRemainingBytes >= MAX_CHUNK_SIZE) {
+			// forces to use chunks of maximum allowed size
+			VALIDATE(chunkSize == MAX_CHUNK_SIZE, ERR_INVALID_DATA);
+		}
 		VALIDATE(chunkSize <= subctx->stateData.refScriptRemainingBytes, ERR_INVALID_DATA);
 		subctx->stateData.refScriptRemainingBytes -= chunkSize;