diff --git a/sign/rpmgensig.cc b/sign/rpmgensig.cc
index baaa4fedc4..1dcffd2fb1 100644
--- a/sign/rpmgensig.cc
+++ b/sign/rpmgensig.cc
@@ -745,12 +745,13 @@ static int rpmSign(const char *rpm, int deleting, int flags)
 
     /* Adjust reserved size for added/removed signatures */
     if (headerGet(sigh, reserveTag, &utd, HEADERGET_MINMEM)) {
-	int diff = headerSizeof(sigh, HEADER_MAGIC_YES) - origSigSize;
+	unsigned newSize = headerSizeof(sigh, HEADER_MAGIC_YES);
+	int diff = newSize - origSigSize;
 
 	/* diff can be zero if nothing was added or removed */
 	if (diff) {
 	    utd.count -= diff;
-	    if (utd.count > 0 && utd.count < origSigSize) {
+	    if (utd.count > 0 && newSize + utd.count <= origSigSize) {
 		uint8_t *zeros = (uint8_t *)xcalloc(utd.count, sizeof(*zeros));
 		utd.data = zeros;
 		headerMod(sigh, &utd);
diff --git a/tests/rpmsigdig.at b/tests/rpmsigdig.at
index 3c60868fef..603f4a8aa6 100644
--- a/tests/rpmsigdig.at
+++ b/tests/rpmsigdig.at
@@ -1847,7 +1847,6 @@ RPMTEST_CLEANUP
 
 AT_SETUP([--delsign with misplaced ima signature])
 AT_KEYWORDS([rpmsign file signature])
-AT_XFAIL_IF([test $RPM_XFAIL -ne 0])
 RPMTEST_CHECK([
 cp /data/RPMS/hello-2.0-1.x86_64-badima.rpm .
 rpmsign --delsign hello-2.0-1.x86_64-badima.rpm