diff --git a/src/hb-open-types-private.hh b/src/hb-open-types-private.hh
index 8e325d738..d923b8849 100644
--- a/src/hb-open-types-private.hh
+++ b/src/hb-open-types-private.hh
@@ -282,6 +282,14 @@ struct Tag : ULONG
   /* What the char* converters return is NOT nul-terminated.  Print using "%.4s" */
   inline operator const char* (void) const { return CONST_CHARP(this); }
   inline operator char* (void) { return CHARP(this); }
+
+  inline bool sanitize (SANITIZE_ARG_DEF) {
+    /* Note: Only accept ASCII-visible tags (mind DEL)
+     * This is one of the few times (only time?) we check
+     * for data integrity, as opposed o just boundary checks
+     */
+    return SANITIZE_SELF () && (((uint32_t) *this) & 0x80808080) == 0;
+  }
 };
 ASSERT_SIZE (Tag, 4);
 #define _NULL_TAG_INIT  {' ', ' ', ' ', ' '}
diff --git a/src/hb-ot-layout-common-private.hh b/src/hb-ot-layout-common-private.hh
index 18b190943..1fbec021c 100644
--- a/src/hb-ot-layout-common-private.hh
+++ b/src/hb-ot-layout-common-private.hh
@@ -47,11 +47,7 @@ template <typename Type>
 struct Record
 {
   inline bool sanitize (SANITIZE_ARG_DEF, const void *base) {
-    /* Note: Only accept ASCII-visible tags (mind DEL)
-     * This is one of the few times (only time?) we check
-     * for data integrity, as opposed o just boundary checks
-     */
-    return (tag & 0x80808080) == 0 && offset.sanitize (SANITIZE_ARG, base);
+    return SANITIZE (tag) == 0 && SANITIZE_BASE (offset, base);
   }
 
   Tag		tag;		/* 4-byte Tag identifier */