diff --git a/plugins/vli/fu-vli-device.c b/plugins/vli/fu-vli-device.c
index dcc72ae11..893fa8726 100644
--- a/plugins/vli/fu-vli-device.c
+++ b/plugins/vli/fu-vli-device.c
@@ -515,12 +515,24 @@ fu_vli_device_spi_read_flash_id (FuVliDevice *self, GError **error)
 	}
 	if (g_getenv ("FWUPD_VLI_USBHUB_VERBOSE") != NULL)
 		fu_common_dump_raw (G_LOG_DOMAIN, "SpiCmdReadId", buf, sizeof(buf));
-	if (priv->spi_cmd_read_id_sz == 4)
-		priv->flash_id = fu_common_read_uint32 (buf, G_BIG_ENDIAN);
-	else if (priv->spi_cmd_read_id_sz == 2)
-		priv->flash_id = fu_common_read_uint16 (buf, G_BIG_ENDIAN);
-	else if (priv->spi_cmd_read_id_sz == 1)
-		priv->flash_id = buf[0];
+	if (priv->spi_cmd_read_id_sz == 4) {
+		if (!fu_common_read_uint32_safe (buf, sizeof(buf), 0x0,
+						 &priv->flash_id,
+						 G_BIG_ENDIAN, error))
+			return FALSE;
+	} else if (priv->spi_cmd_read_id_sz == 2) {
+		guint16 tmp = 0;
+		if (!fu_common_read_uint16_safe (buf, sizeof(buf), 0x0,
+						 &tmp, G_BIG_ENDIAN, error))
+			return FALSE;
+		priv->flash_id = tmp;
+	} else if (priv->spi_cmd_read_id_sz == 1) {
+		guint8 tmp = 0;
+		if (!fu_common_read_uint8_safe (buf, sizeof(buf), 0x0,
+						&tmp, error))
+			return FALSE;
+		priv->flash_id = tmp;
+	}
 	return TRUE;
 }
 
diff --git a/plugins/vli/fu-vli-pd-device.c b/plugins/vli/fu-vli-pd-device.c
index ce99d7898..2ebc1fb94 100644
--- a/plugins/vli/fu-vli-pd-device.c
+++ b/plugins/vli/fu-vli-pd-device.c
@@ -272,7 +272,9 @@ fu_vli_pd_device_setup (FuVliDevice *device, GError **error)
 		g_prefix_error (error, "failed to get version: ");
 		return FALSE;
 	}
-	version_raw = fu_common_read_uint32 (verbuf, G_BIG_ENDIAN);
+	if (!fu_common_read_uint32_safe (verbuf, sizeof(verbuf), 0x0,
+					 &version_raw, G_BIG_ENDIAN, error))
+		return FALSE;
 	fu_device_set_version_raw (FU_DEVICE (self), version_raw);
 	version_str = fu_common_version_from_uint32 (version_raw, FWUPD_VERSION_FORMAT_QUAD);
 	fu_device_set_version (FU_DEVICE (self), version_str);
diff --git a/plugins/vli/fu-vli-usbhub-rtd21xx-device.c b/plugins/vli/fu-vli-usbhub-rtd21xx-device.c
index f02291dbe..1dece6ffb 100644
--- a/plugins/vli/fu-vli-usbhub-rtd21xx-device.c
+++ b/plugins/vli/fu-vli-usbhub-rtd21xx-device.c
@@ -362,7 +362,9 @@ fu_vli_usbhub_rtd21xx_device_write_firmware (FuDevice *device,
 	}
 
 	/* verify project ID */
-	project_addr = fu_common_read_uint32 (read_buf + 1, G_BIG_ENDIAN);
+	if (!fu_common_read_uint32_safe (read_buf, sizeof(read_buf), 0x1,
+					 &project_addr, G_BIG_ENDIAN, error))
+		return FALSE;
 	project_id_count = read_buf[5];
 	write_buf[0] = ISP_CMD_SYNC_IDENTIFY_CODE;
 	if (!fu_memcpy_safe (write_buf, sizeof(write_buf), 0x1, /* dst */