diff --git a/mongoose.c b/mongoose.c
index 589ec7fa3e51aebe06c0b2822f3832d49dc14148..34f0e657132b4aadb989d2f8a23e5f5e1f40ccf3 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -6311,6 +6311,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
     n *= 16;
     n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
     i++;
+    if (i > 6) {
+      /* Chunk size is unreasonable. */
+      return 0;
+    }
   }
 
   /* Skip new line */
diff --git a/src/mg_http.c b/src/mg_http.c
index af94b7311ea98eb6984584faa39eeb0fcdd68278..f8161a4b478700ffab9e3712771a57c71309df64 100644
--- a/src/mg_http.c
+++ b/src/mg_http.c
@@ -564,6 +564,10 @@ static size_t mg_http_parse_chunk(char *buf, size_t len, char **chunk_data,
     n *= 16;
     n += (s[i] >= '0' && s[i] <= '9') ? s[i] - '0' : tolower(s[i]) - 'a' + 10;
     i++;
+    if (i > 6) {
+      /* Chunk size is unreasonable. */
+      return 0;
+    }
   }
 
   /* Skip new line */