diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fa88b593..799261b78 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,10 +10,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Doc improvements [#632] [#634] [#635]
 - Add crate version to docs.rs links used in `compile_error!`s [#639]
+## Fixed
+- Error handling in WASI p1 [#661]
+
 [#632]: https://github.com/rust-random/getrandom/pull/632
 [#634]: https://github.com/rust-random/getrandom/pull/634
 [#635]: https://github.com/rust-random/getrandom/pull/635
 [#639]: https://github.com/rust-random/getrandom/pull/639
+[#661]: https://github.com/rust-random/getrandom/pull/661
 ## [0.3.2] - 2025-03-17
diff --git a/src/backends/wasi_p1.rs b/src/backends/wasi_p1.rs
index 76dbc6d0a..25b5ca3b7 100644
--- a/src/backends/wasi_p1.rs
+++ b/src/backends/wasi_p1.rs
@@ -11,6 +11,10 @@ extern "C" {
 fn random_get(arg0: i32, arg1: i32) -> i32;
 }
+/// WASI p1 uses `u16` for error codes in its witx definitions:
+/// https://github.com/WebAssembly/WASI/blob/38454e9e/legacy/preview1/witx/typenames.witx#L34-L39
+const MAX_ERROR_CODE: i32 = u16::MAX as i32;
+
 #[inline]
 pub fn fill_inner(dest: &mut [MaybeUninit]) -> Result<(), Error> {
 // Based on the wasi code:
@@ -21,6 +25,8 @@ pub fn fill_inner(dest: &mut [MaybeUninit]) -> Result<(), Error> {
 let ret = unsafe { random_get(dest.as_mut_ptr() as i32, dest.len() as i32) };
 match ret {
 0 => Ok(()),
- code => Err(Error::from_neg_error_code(code)),
+ // WASI functions should return positive error codes which are smaller than `MAX_ERROR_CODE`
+ code if code <= MAX_ERROR_CODE => Err(Error::from_neg_error_code(-code)),
+ _ => Err(Error::UNEXPECTED),
 }
 }
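Review bot: The guard `code if code <= MAX_ERROR_CODE` in the `match ret` arm has no lower bound, so a negative return value from `random_get` also takes this arm, although the comment above it says only positive codes are expected. For `i32::MIN` the negation `-code` overflows (a panic where overflow checks are enabled, a wrap otherwise), and for any other negative value `-code` is positive, which is presumably not what `from_neg_error_code` expects; its body is not visible here. Bounding both ends keeps every out-of-range host value on the `Error::UNEXPECTED` path: `code if (1..=MAX_ERROR_CODE).contains(&code) => Err(Error::from_neg_error_code(-code)),`. The comment could then say the codes lie in `1..=MAX_ERROR_CODE` rather than "smaller than", to match the inclusive comparison. Part of the body of `fill_inner` lies outside this hunk.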