diff --git a/src/mbyte.c b/src/mbyte.c
index 742c220df9..5ed321ed22 100644
--- a/src/mbyte.c
+++ b/src/mbyte.c
@@ -1784,6 +1784,7 @@ dbcs_ptr2char(char_u *p)
  * Convert a UTF-8 byte sequence to a wide character.
  * If the sequence is illegal or truncated by a NUL the first byte is
  * returned.
+ * For an overlong sequence this may return zero.
  * Does not include composing characters, of course.
  */
     int
@@ -4112,7 +4113,10 @@ mb_adjustpos(buf_T *buf, pos_T *lp)
 	    )
     {
 	p = ml_get_buf(buf, lp->lnum, FALSE);
-	lp->col -= (*mb_head_off)(p, p + lp->col);
+	if (*p == NUL || (int)STRLEN(p) < lp->col)
+	    lp->col = 0;
+	else
+	    lp->col -= (*mb_head_off)(p, p + lp->col);
 #ifdef FEAT_VIRTUALEDIT
 	/* Reset "coladd" when the cursor would be on the right half of a
 	 * double-wide character. */
diff --git a/src/testdir/test_undo.vim b/src/testdir/test_undo.vim
index 30164a6df4..b7235867b9 100644
--- a/src/testdir/test_undo.vim
+++ b/src/testdir/test_undo.vim
@@ -350,3 +350,12 @@ func Test_cmd_in_reg_undo()
   only!
   let @a=''
 endfunc
+
+" This used to cause an illegal memory access
+func Test_undo_append()
+  new
+  call feedkeys("axx\<Esc>v", 'xt')
+  undo
+  norm o
+  quit
+endfunc
diff --git a/src/version.c b/src/version.c
index 2a3460edce..6ebb01a396 100644
--- a/src/version.c
+++ b/src/version.c
@@ -771,6 +771,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1433,
 /**/
     1432,
 /**/