diff --git a/ext/standard/scanf.c b/ext/standard/scanf.c
index 78ecc1642cf9..408e5ede8881 100644
--- a/ext/standard/scanf.c
+++ b/ext/standard/scanf.c
@@ -361,8 +361,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 			if (gotSequential) {
 				goto mixedXPG;
 			}
-			objIndex = value - 1;
-			if ((objIndex < 0) || (numVars && (objIndex >= numVars))) {
+			if ((value < 1) || (numVars && (value > numVars))) {
 				goto badIndex;
 			} else if (numVars == 0) {
 				/*
@@ -382,6 +381,7 @@ PHPAPI int ValidateFormat(char *format, int numVars, int *totalSubs)
 
 				xpgSize = (xpgSize > value) ? xpgSize : value;
 			}
+			objIndex = value - 1;
 			goto xpgCheckDone;
 		}
 
diff --git a/ext/standard/tests/strings/gh15552.phpt b/ext/standard/tests/strings/gh15552.phpt
new file mode 100644
index 000000000000..60804e025d86
--- /dev/null
+++ b/ext/standard/tests/strings/gh15552.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Bug GH-15552 (Signed integer overflow in ext/standard/scanf.c)
+--FILE--
+<?php
+var_dump(sscanf('hello','%2147483648$s'));
+?>
+--EXPECTF--
+Fatal error: Uncaught ValueError: "%n$" argument index out of range in %s:%d
+Stack trace:%A