more decoding checks/conditions
diff --git a/src/libbz3.c b/src/libbz3.c
index bf397d6..9c1d53b 100644
--- a/src/libbz3.c
+++ b/src/libbz3.c
@@ -140,7 +140,7 @@ PUBLIC_API s32 bz3_encode_block(struct bz3_state * state, u8 * buffer, s32 data_
}
lzp_size = lzp_compress(b1, b2, data_size, LZP_DICTIONARY, LZP_MIN_MATCH, state->lzp_lut);
- if (lzp_size > 0) {
+ if (lzp_size > 0 && lzp_size < data_size + 64) {
swap(b1, b2);
data_size = lzp_size;
model |= 2;
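Review bot: The added bound `lzp_size < data_size + 64` is tested only after `lzp_compress` has already written its output into `b2`, so it decides whether the LZP result is used but cannot stop an oversized write. Whether `lzp_compress` limits its own output to the capacity of the swap buffer is not visible in this hunk and should be confirmed. The `64` is also unexplained; a comment on the condition such as `/* use the LZP output only if it stays below data_size + 64, otherwise encode the block without LZP */`, plus a note on where the 64 comes from, would let a reader check it against the buffer allocation. The body of bz3_encode_block starts and ends outside the hunk.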
@@ -206,6 +206,11 @@ PUBLIC_API s32 bz3_decode_block(struct bz3_state * state, u8 * buffer, s32 data_
data_size -= p * 4 + 1;
+ if(lzp_size > orig_size || rle_size > orig_size || lzp_size < 0 || rle_size < 0) {
+ state->last_error = BZ3_ERR_MALFORMED_HEADER;
+ return -1;
+ }
+
// Decode the data.
u8 *b1 = buffer, *b2 = state->swap_buffer;
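Review bot: The new header check compares `lzp_size` and `rle_size` unconditionally, but the encoder hunk suggests each field is present only when its model bit is set. If the decoder leaves an absent field at a negative sentinel or uninitialised (the declarations are outside this hunk), the `< 0` tests would reject valid blocks or read an indeterminate value. Gating each test on its flag avoids that, assuming the decoder's flag variable is also called `model` and bit 4 marks RLE: `if (((model & 2) && (lzp_size < 0 || lzp_size > orig_size)) || ((model & 4) && (rle_size < 0 || rle_size > orig_size))) {`. The hunk also shows no check that `data_size` is still non-negative after `data_size -= p * 4 + 1`, nor that `orig_size` is bounded by the block size, so both should be confirmed in the lines above. bz3_decode_block starts and ends outside the hunk.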
