diff --git a/remux.c b/remux.c
index ef6c0d1d36321f344a915a7d11578233ab00c7a9..973b79b4c1e839bd95d02a52c580b45027c77f28 100644
--- a/remux.c
+++ b/remux.c
@@ -7,7 +7,7 @@ int main(int argc, char *argv[])
 {
 	int i, err;
 	int *idxmap;
-	char *p, *path, *tmp;
+	char *p, *path, *srcpath, *tmp;
 	AVFormatContext *demux, *mux;
 	AVPacket pkt;
 	AVStream *stream;
@@ -22,8 +22,9 @@ int main(int argc, char *argv[])
 
 	jobid = atoi(argv[1]);
 	path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
+	srcpath = mprintf("%s/%s", getenv(WORKER_RAW), jstr(jlookup(argv[4], "srcpath"), ""));
 	tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
-	overwrite_check(path);
+	overwrite_check(path, srcpath, jstr(jlookup(argv[4], "srchash"), ""));
 	ping_job(jobid, "running", 0);
 
 	demux = 0;
@@ -79,7 +80,7 @@ int main(int argc, char *argv[])
 	avio_closep(&mux->pb);
 	if (!filesize(tmp))
 		job_failed("Sanity check failed: Output file is empty");
-	overwrite_check(path);
+	overwrite_check(path, srcpath, jstr(jlookup(argv[4], "srchash"), ""));
 	if (rename(tmp, path))
 		job_failed("Overwriting output file failed: %s", strerror(errno));
 	unlink(tmp);
diff --git a/transcode.c b/transcode.c
index ab3581a2b3f0d8e1a39a166028c4740df6b01a16..f4765d6dad5f6d63a55bb8e6d4697d7e10de6625 100644
--- a/transcode.c
+++ b/transcode.c
@@ -274,7 +274,7 @@ int main(int argc, char *argv[])
 	output = jlookup(argv[4], "output");
 	outpath = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), ""));
 	tmppath = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
-	overwrite_check(outpath);
+	overwrite_check(outpath, inpath, jstr(jlookup(input, "hash"), ""));
 
 	demux = 0;
 	opts = 0;
@@ -359,7 +359,7 @@ int main(int argc, char *argv[])
 	avio_closep(&mux->pb);
 	if (!filesize(tmppath))
 		job_failed("Sanity check failed: Output file is empty");
-	overwrite_check(outpath);
+	overwrite_check(outpath, 0, 0);
 	if (rename(tmppath, outpath))
 		job_failed("Overwriting output file \"%s\" failed: %s", outpath, strerror(errno));
 	unlink(tmppath);
diff --git a/util.h b/util.h
index 434c32f38360e599f630d5a59db3e6cc9f9e6bef..799769980138d1293eeb9b845d14e037aa9a03fc 100644
--- a/util.h
+++ b/util.h
@@ -16,7 +16,7 @@ char *hashfile(char *path);
 double fileduration(char *path);
 size_t filesize(char *path);
 char *json_fileinfo(char *path);
-void overwrite_check(char *path);
+void overwrite_check(char *path, char *srcpath, char *srchash);
 int checktime(time_t min);
 
 #define WORKER_APIKEY "WORKER_APIKEY"
diff --git a/util/overwrite_check.c b/util/overwrite_check.c
index 9842c320d451dbfd97b756d1d3a0b06899f84e28..e08e63e9a4e993f81bc37ca73319ea32df131c5a 100644
--- a/util/overwrite_check.c
+++ b/util/overwrite_check.c
@@ -3,11 +3,13 @@
 
 #include "../util.h"
 
-void overwrite_check(char *path)
+void overwrite_check(char *path, char *srcpath, char *srchash)
 {
 	struct stat s;
 	if (stat(path, &s) || !s.st_size)
 		return; /* We can overwrite non-existing or empty files */
+	if (srcpath && strcmp(hashfile(srcpath), srchash))
+		job_failed("Refusing to overwrite output file \"%s\": Source file hash mismatch", path);
 	if (s.st_uid != getuid())
 		job_failed("Refusing to overwrite output file \"%s\": File was not created by worker", path);
 }