diff --git a/configure.ac b/configure.ac
index 2860be5887431d618b0d7750a830ef2c5f8eb8c6..2de197f60daa764222c71c2e628602ac8d40788a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -502,6 +502,15 @@ if test "x${ac_enable_telemetry}" = xyes; then
    AC_SUBST(CAIRO_LIBS)
 fi
 
+dnl add safety rails for fuzzing
+AC_ARG_ENABLE(mem-constraint,
+    AS_HELP_STRING([--enable-mem-constraint], [Abort if size exceeds 16384x16384 (for fuzzing only)]),
+    [ ac_enable_mem_constraint=$enableval ], [ ac_enable_mem_constraint=no] )
+
+if test "x${ac_enable_mem_constraint}" = xyes; then
+   AC_DEFINE([HAVE_MEMORY_CONSTRAINT], [],  [Abort if size exceeds 16384x16384 (for fuzzing only)])
+fi
+
 dnl --------------------------------------------------
 dnl Overall build configuration options
 dnl --------------------------------------------------
@@ -623,6 +632,7 @@ AC_MSG_RESULT([
     Encoding support: ........... ${ac_enable_encode}
     Assembly optimization: ...... ${cpu_optimization}
     Debugging telemetry: ........ ${ac_enable_telemetry}
+    Abort on huge files: ........ ${ac_enable_mem_constraint}
     Build example code: ......... ${ac_enable_examples}
     API Documentation: .......... ${doc_build}
     Format Documentation: ....... ${spec_build}
diff --git a/lib/decinfo.c b/lib/decinfo.c
index 80e3f03e08014c8f4c1d3dbe01d90e9c2f195d11..1005e1035cac66c8c5bf74ce463c26bbfd073f1a 100644
--- a/lib/decinfo.c
+++ b/lib/decinfo.c
@@ -20,6 +20,11 @@
 #include <limits.h>
 #include "decint.h"
 
+/*Only used for fuzzing.*/
+#if defined(HAVE_MEMORY_CONSTRAINT)
+static const int MAX_FUZZING_WIDTH = 16384;
+static const int MAX_FUZZING_HEIGHT = 16384;
+#endif
 
 
 /*Unpacks a series of octets from a given byte array into the pack buffer.
@@ -82,6 +87,11 @@ static int oc_info_unpack(oc_pack_buf *_opb,th_info *_info){
    _info->fps_numerator==0||_info->fps_denominator==0){
     return TH_EBADHEADER;
   }
+#if defined(HAVE_MEMORY_CONSTRAINT)
+  if(_info->frame_width>=MAX_FUZZING_WIDTH&&_info->frame_height>=MAX_FUZZING_HEIGHT){
+    return TH_EBADHEADER;
+  }
+#endif
   /*Note: The sense of pic_y is inverted in what we pass back to the
      application compared to how it is stored in the bitstream.
     This is because the bitstream uses a right-handed coordinate system, while