diff --git a/src/lib/nbt.cpp b/src/lib/nbt.cpp
index 0dd3e4e..d65fe42 100644
--- a/src/lib/nbt.cpp
+++ b/src/lib/nbt.cpp
@@ -154,6 +154,9 @@ namespace NBT {
             if (stringSize.isError) {
                 return ErrorOr<tiny_utf8::string>(true, stringSize.errorCode);
             }
+            if (currentPosition + (uint64_t) stringSize.value + 2 > dataSize) {
+                return ErrorOr<tiny_utf8::string>(true, ErrorCodes::OVERRUN);
+            }
 
             ErrorOr<tiny_utf8::string> output = JavaCompat::importJavaString(data+currentPosition, stringSize.value);
             if(output.isError){