diff --git a/src/nb_type.cpp b/src/nb_type.cpp
index 23ff4e3f..b86a38d0 100644
--- a/src/nb_type.cpp
+++ b/src/nb_type.cpp
@@ -124,7 +124,10 @@ PyObject *inst_new_ext(PyTypeObject *tp, void *value) {
 }
 // Compute offset to instance value
- int32_t offset = (int32_t) ((intptr_t) value - (intptr_t) self);
+ // Use uint64_t because subtracting tagged pointers (e.g., with
+ // HardwareAddressSanitizer) may overflow, which is undefined behavior for
+ // signed integers.
+ int32_t offset = (int32_t) ((uintptr_t) value - (uintptr_t) self);
 bool direct = (intptr_t) self + offset == (intptr_t) value;
 if (NB_UNLIKELY(!direct)) {
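Review bot: The round-trip check on the unchanged line right after the new subtraction, `bool direct = (intptr_t) self + offset == (intptr_t) value;`, still adds in signed arithmetic, so the overflow this commit removes from the subtraction can in principle still occur there when `self` carries a tag in its top bits. Doing the check in the unsigned domain as well keeps it well defined and compares the same bits: `bool direct = (uintptr_t) self + (uintptr_t) offset == (uintptr_t) value;`. The new comment also names `uint64_t` while the code casts to `uintptr_t`, which is 32 bits wide on 32-bit targets; it would read more accurately as `// Use uintptr_t because subtracting tagged pointers (e.g., with`. The narrowing `(int32_t)` cast of an out-of-range unsigned difference is implementation-defined before C++20 rather than undefined, and the code relies on the `direct` check to catch it, which is worth stating in the comment. The body of `inst_new_ext` begins and continues outside this hunk, so how the `!direct` path handles such pointers is not visible here.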