diff --git a/quickjs.c b/quickjs.c
index 90e9729..4f4fc95 100644
--- a/quickjs.c
+++ b/quickjs.c
@@ -35571,8 +35571,13 @@ static int JS_ReadObjectAtoms(BCReaderState *s)
 }
 if (bc_get_leb128(s, &s->idx_to_atom_count))
 return -1;
+ if (s->idx_to_atom_count > 1000*1000) {
+ JS_ThrowInternalError(s->ctx, "unreasonable atom count: %u", s->idx_to_atom_count);
+ return -1;
+ }
- bc_read_trace(s, "%d atom indexes {\n", s->idx_to_atom_count);
+ bc_read_trace(s, "%u atom indexes {\n", s->idx_to_atom_count);
 if (s->idx_to_atom_count != 0) {
 s->idx_to_atom = js_mallocz(s->ctx, s->idx_to_atom_count *
diff --git a/tests/test_bjson.js b/tests/test_bjson.js
index c1f72bb..9409676 100644
--- a/tests/test_bjson.js
+++ b/tests/test_bjson.js
@@ -231,6 +231,7 @@ function bjson_test_fuzz() {
 var corpus = [
 "EBAAAAAABGA=",
+ "EObm5oIt",
 ];
 for (var input of corpus) {
 var buf = base64decode(input);