diff --git a/CHANGES.md b/CHANGES.md
index 74a8ec4..6b80b25 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -6,6 +6,7 @@ v1.6.2 - YYYY-MM-DD
 -------------------
 - Increased the maximum length of a single string to 128k (Issue #146)
+- Added missing range checks to `pdfioArrayCopy` and `pdfioDictCopy`.
 - Fixed an error propagation bug when reading too-long values (Issue #146)
 - Fixed a Clang warning.
diff --git a/pdfio-array.c b/pdfio-array.c
index 84f96e7..7e48570 100644
--- a/pdfio-array.c
+++ b/pdfio-array.c
@@ -1,7 +1,7 @@
 //
 // PDF array functions for PDFio.
 //
-// Copyright © 2021-2024 by Michael R Sweet.
+// Copyright © 2021-2026 by Michael R Sweet.
 //
 // Licensed under Apache License v2.0. See the file "LICENSE" for more
 // information.
@@ -264,6 +264,10 @@ pdfioArrayCopy(pdfio_file_t *pdf, // I - PDF file
 PDFIO_DEBUG("pdfioArrayCopy(pdf=%p, a=%p(%p))\n", (void *)pdf, (void *)a, a ? (void *)a->pdf : NULL);
+ // Range check input...
+ if (!pdf || !a)
+ return (NULL);
+
 // Create the new array...
 if ((na = pdfioArrayCreate(pdf)) == NULL)
 return (NULL);
diff --git a/pdfio-dict.c b/pdfio-dict.c
index 99d623e..95a1a36 100644
--- a/pdfio-dict.c
+++ b/pdfio-dict.c
@@ -79,6 +79,10 @@ pdfioDictCopy(pdfio_file_t *pdf, // I - PDF file
 PDFIO_DEBUG("pdfioDictCopy(pdf=%p, dict=%p(%p))\n", (void *)pdf, (void *)dict, dict ? (void *)dict->pdf : NULL);
+ // Range check input...
+ if (!pdf || !dict)
+ return (NULL);
+
 // Create the new dictionary...
 if ((ndict = pdfioDictCreate(pdf)) == NULL)
 return (NULL);
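Review bot: The new guard `if (!pdf || !a) return (NULL);` in the pdfioArrayCopy hunk of pdfio-array.c, and the matching `if (!pdf || !dict)` guard in the pdfioDictCopy hunk of pdfio-dict.c, return the same bare NULL as the `pdfioArrayCreate`/`pdfioDictCreate` failure path just below them. A caller that copies a value looked up from a parsed file therefore cannot tell "the source object was missing" from "the copy could not be created". I would state the contract in each function's header comment, for example `// Returns NULL if "pdf" or the source array is NULL.`, and replace the generic `// Range check input...` with `// Reject NULL file or source array...` so the comment names what is actually tested. Both function bodies start and end outside their hunks, so whether the header comments already document the NULL return is not visible here. The commit touches only CHANGES.md and the two source files; a regression case that passes NULL for each argument in turn and expects NULL back would keep the guards from being dropped later.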