a check for original size
diff --git a/src/libbz3.c b/src/libbz3.c
index 319cf8c..b66096d 100644
--- a/src/libbz3.c
+++ b/src/libbz3.c
@@ -212,6 +212,11 @@ PUBLIC_API s32 bz3_decode_block(struct bz3_state * state, u8 * buffer, s32 data_
return -1;
}
+ if(orig_size > state->block_size + state->block_size / 50 + 16 || orig_size < 0) {
+ state->last_error = BZ3_ERR_MALFORMED_HEADER;
+ return -1;
+ }
+
// Decode the data.
u8 *b1 = buffer, *b2 = state->swap_buffer;
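Review bot: The upper bound in the added check, `state->block_size + state->block_size / 50 + 16`, is an unexplained inline expression, and it only protects the decode that follows if both the caller-supplied `buffer` and `state->swap_buffer` are at least that large; neither allocation is visible in this hunk, so that needs confirming. I would move the expression into one helper or macro shared by the allocation and this check so the two cannot drift apart, and add a comment above the check such as `/* orig_size appears to come from the block header and is untrusted: reject values that cannot fit the work buffers */`. It is also worth confirming that the compressed-length parameter (truncated in the hunk header as `data_`) gets an equivalent range check before use. The body of bz3_decode_block starts and ends outside the hunk.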
