diff --git a/src/js/typedarray.js b/src/js/typedarray.js
index ef24b58405..70bc14a8b0 100644
--- a/src/js/typedarray.js
+++ b/src/js/typedarray.js
@@ -166,6 +166,9 @@ function NAMEConstructByArrayBuffer(obj, buffer, byteOffset, length) {
 }
 }
 var newLength = newByteLength / ELEMENT_SIZE;
+ if (newLength > %_MaxSmi()) {
+ throw %make_range_error(kInvalidTypedArrayLength);
+ }
 %typed_array_initialize(obj, newLength, buffer, offset, newByteLength, true);
 }
diff --git a/test/mjsunit/es6/typedarray.js b/test/mjsunit/es6/typedarray.js
index b6225a4024..e272afb770 100644
--- a/test/mjsunit/es6/typedarray.js
+++ b/test/mjsunit/es6/typedarray.js
@@ -831,3 +831,15 @@ for(i = 0; i < typedArrayConstructors.length; i++) {
 }
 }
 })();
+
+(function TestBufferLengthTooLong() {
+ try {
+ var buf = new ArrayBuffer(2147483648);
+ assertThrows(function() {
+ new Int8Array(buf);
+ }, RangeError);
+ } catch (e) {
+ // The ArrayBuffer allocation fails on 32-bit archs, so no need to try to
+ // construct the typed array.
+ }
+})();
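Review bot: The new `newLength > %_MaxSmi()` guard has no comment saying why the Smi maximum is the limit, so a later reader has nothing to stop them loosening it. I would add a comment above it such as `// The element count is presumably handled as a Smi from here on; reject larger values before %typed_array_initialize.`, after confirming the wording against the runtime. The guard sits only in NAMEConstructByArrayBuffer, whose body starts outside this hunk. Whether the other typed-array construction paths enforce the same bound cannot be seen from here and is worth checking.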
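Review bot: In TestBufferLengthTooLong the `assertThrows` call sits inside the same `try` whose `catch (e)` is empty, so the test can never fail. If mjsunit's `assertThrows` reports failure by throwing, as its assertions normally do, a missing RangeError from `new Int8Array(buf)` would be swallowed along with the allocation failure the catch is meant for. Only the `new ArrayBuffer(2147483648)` allocation should be guarded, with the catch returning early and the assertion made outside it, so a regression of the length check is reported.

```javascript
(function TestBufferLengthTooLong() {
  var buf;
  try {
    buf = new ArrayBuffer(2147483648);
  } catch (e) {
    // The ArrayBuffer allocation fails on 32-bit archs, so no need to try to
    // construct the typed array.
    return;
  }
  assertThrows(function() {
    new Int8Array(buf);
  }, RangeError);
})();
```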