diff --git a/THANKS b/THANKS
index ac50d08..bba4bdb 100644
--- a/THANKS
+++ b/THANKS
@@ -10,3 +10,5 @@ Dirk Meyer helped BSD portability.
 Zak Johnson fixed substring matches in ldap_match_mapped.
+Andreas Stührk found a possible integer underflow in the indexing code.
+I'd be astounded if someone found a way to exploit it, though.
diff --git a/tinyldap.c b/tinyldap.c
index 64a12cf..dc485a0 100644
--- a/tinyldap.c
+++ b/tinyldap.c
@@ -639,17 +639,18 @@ static void tagmatches(uint32* index,size_t elements,struct string* s,
 setbit(b,rec);
 /* there may be multiple matches.
 * Look before and after mid, too */
- for (k=mid-1; k>0; --k) {
- m=uint32_read((char*)(&index[k]));
- if ((ft==LESSEQUAL) || (l=match(s,map+m))==0) {
- if (index_type==0)
- rec=findrec(m);
- else if (index_type==1)
- rec=uint32_read((char*)(&index[k+elements]));
- if (rec>=0)
- setbit(b,rec);
- } else break;
- }
+ if (mid) /* thx Andreas Stührk */
+ for (k=mid-1; k>0; --k) {
+ m=uint32_read((char*)(&index[k]));
+ if ((ft==LESSEQUAL) || (l=match(s,map+m))==0) {
+ if (index_type==0)
+ rec=findrec(m);
+ else if (index_type==1)
+ rec=uint32_read((char*)(&index[k+elements]));
+ if (rec>=0)
+ setbit(b,rec);
+ } else break;
+ }
 for (k=mid+1; k