diff --git a/Minecraft.Client/LocalPlayer.cpp b/Minecraft.Client/LocalPlayer.cpp
index cfcf85acc..d743543e5 100644
--- a/Minecraft.Client/LocalPlayer.cpp
+++ b/Minecraft.Client/LocalPlayer.cpp
@@ -278,7 +278,7 @@ void LocalPlayer::aiStep()
 	}
 	if (isSneaking()) sprintTriggerTime = 0;
 #ifdef _WINDOWS64
-	if (input->sprinting && onGround && enoughFoodToSprint && !isUsingItem() && !hasEffect(MobEffect::blindness) && !isSneaking())
+	if (input->sprinting && !isSprinting() && onGround && enoughFoodToSprint && !isUsingItem() && !hasEffect(MobEffect::blindness) && !isSneaking())
 	{
 		setSprinting(true);
 	}
diff --git a/Minecraft.World/BlockRegionUpdatePacket.cpp b/Minecraft.World/BlockRegionUpdatePacket.cpp
index bec943d8d..afac43685 100644
--- a/Minecraft.World/BlockRegionUpdatePacket.cpp
+++ b/Minecraft.World/BlockRegionUpdatePacket.cpp
@@ -103,6 +103,12 @@ void BlockRegionUpdatePacket::read(DataInputStream *dis) //throws IOException
 	levelIdx = ( size >> 30 ) & 3;
 	size &= 0x3fffffff;
 
+	const int MAX_COMPRESSED_CHUNK_SIZE = 5 * 1024 * 1024;
+	if(size < 0 || size > MAX_COMPRESSED_CHUNK_SIZE)
+	{
+		size = 0;
+	}
+
 	if(size == 0)
 	{
 		buffer = byteArray();
@@ -131,7 +137,10 @@ void BlockRegionUpdatePacket::read(DataInputStream *dis) //throws IOException
 	
 
 		delete [] compressedBuffer.data;
-		assert(buffer.length == outputSize);
+		if(buffer.length != outputSize)
+		{
+			app.DebugPrintf("BlockRegionUpdatePacket: decompressed size mismatch (expected %d, got %d)\n", buffer.length, outputSize);
+		}
 	}
 }
 
diff --git a/Minecraft.World/TextureAndGeometryPacket.cpp b/Minecraft.World/TextureAndGeometryPacket.cpp
index d28fc8628..8cbe8d6d7 100644
--- a/Minecraft.World/TextureAndGeometryPacket.cpp
+++ b/Minecraft.World/TextureAndGeometryPacket.cpp
@@ -121,7 +121,17 @@ void TextureAndGeometryPacket::read(DataInputStream *dis) //throws IOException
 {
 	textureName = dis->readUTF();
 	dwSkinID = (DWORD)dis->readInt();
-	dwTextureBytes = (DWORD)dis->readShort();
+	
+	short rawTextureBytes = dis->readShort();
+	if(rawTextureBytes <= 0)
+	{
+		dwTextureBytes = 0;
+	}
+	else
+	{
+		dwTextureBytes = (DWORD)(unsigned short)rawTextureBytes;
+		if(dwTextureBytes > 65536) dwTextureBytes = 0;
+	}
 
 	if(dwTextureBytes>0)
 	{
@@ -134,7 +144,16 @@ void TextureAndGeometryPacket::read(DataInputStream *dis) //throws IOException
 	}
 	uiAnimOverrideBitmask = dis->readInt();
 
-	dwBoxC = (DWORD)dis->readShort();
+	short rawBoxC = dis->readShort();
+	if(rawBoxC <= 0)
+	{
+		dwBoxC = 0;
+	}
+	else
+	{
+		dwBoxC = (DWORD)(unsigned short)rawBoxC;
+		if(dwBoxC > 256) dwBoxC = 0; // sane limit for skin boxes
+	}
 
 	if(dwBoxC>0)
 	{
diff --git a/Minecraft.World/TexturePacket.cpp b/Minecraft.World/TexturePacket.cpp
index 77dfdc38c..a057c7173 100644
--- a/Minecraft.World/TexturePacket.cpp
+++ b/Minecraft.World/TexturePacket.cpp
@@ -37,16 +37,24 @@ void TexturePacket::handle(PacketListener *listener)
 void TexturePacket::read(DataInputStream *dis) //throws IOException
 {
 	textureName = dis->readUTF();
-	dwBytes = (DWORD)dis->readShort();
-
-	if(dwBytes>0)
+	short rawBytes = dis->readShort();
+	if(rawBytes <= 0)
+	{
+		dwBytes = 0;
+		return;
+	}
+	dwBytes = (DWORD)(unsigned short)rawBytes;
+	if(dwBytes > 65536)
 	{
-		this->pbData= new BYTE [dwBytes];
+		dwBytes = 0;
+		return;
+	}
+	
+	this->pbData= new BYTE [dwBytes];
 
-		for(DWORD i=0;i<dwBytes;i++)
-		{
-			this->pbData[i] = dis->readByte();
-		}
+	for(DWORD i=0;i<dwBytes;i++)
+	{
+		this->pbData[i] = dis->readByte();
 	}
 }
 
diff --git a/Minecraft.World/compression.cpp b/Minecraft.World/compression.cpp
index 99c5228ab..7413f7f35 100644
--- a/Minecraft.World/compression.cpp
+++ b/Minecraft.World/compression.cpp
@@ -196,9 +196,20 @@ HRESULT Compression::DecompressLZXRLE(void *pDestination, unsigned int *pDestSiz
 	unsigned int rleSize = staticRleSize;
 	unsigned char *dynamicRleBuf = NULL;
 
-	if(*pDestSize > rleSize)
+
+	unsigned int safeRleSize = max(rleSize, *pDestSize);
+
+	const unsigned int MAX_RLE_ALLOC = 16 * 1024 * 1024; // 16 MB
+	if(safeRleSize > MAX_RLE_ALLOC)
 	{
-		rleSize = *pDestSize;
+		LeaveCriticalSection(&rleDecompressLock);
+		*pDestSize = 0;
+		return E_FAIL;
+	}
+
+	if(safeRleSize > staticRleSize)
+	{
+		rleSize = safeRleSize;
 		dynamicRleBuf = new unsigned char[rleSize];
 		Decompress(dynamicRleBuf, &rleSize, pSource, SrcSize);
 		pucIn = (unsigned char *)dynamicRleBuf;
@@ -212,16 +223,19 @@ HRESULT Compression::DecompressLZXRLE(void *pDestination, unsigned int *pDestSiz
 	//unsigned char *pucIn = (unsigned char *)rleDecompressBuf;
 	unsigned char *pucEnd = pucIn + rleSize;
 	unsigned char *pucOut = (unsigned char *)pDestination;
+	unsigned char *pucOutEnd = pucOut + *pDestSize;
 
 	while( pucIn != pucEnd )
 	{
 		unsigned char thisOne = *pucIn++;
 		if( thisOne == 255 )
 		{
+			if( pucIn >= pucEnd ) break;
 			unsigned int count = *pucIn++;
 			if( count < 3 )
 			{
 				count++;
+				if( pucOut + count > pucOutEnd ) { pucOut = pucOutEnd; break; }
 				for( unsigned int i = 0; i < count; i++ )
 				{
 					*pucOut++ = 255;
@@ -230,7 +244,9 @@ HRESULT Compression::DecompressLZXRLE(void *pDestination, unsigned int *pDestSiz
 			else
 			{
 				count++;
+				if( pucIn >= pucEnd ) break;
 				unsigned char data = *pucIn++;
+				if( pucOut + count > pucOutEnd ) { pucOut = pucOutEnd; break; }
 				for( unsigned int i = 0; i < count; i++ )
 				{
 					*pucOut++ = data;
@@ -239,6 +255,7 @@ HRESULT Compression::DecompressLZXRLE(void *pDestination, unsigned int *pDestSiz
 		}
 		else
 		{
+			if( pucOut >= pucOutEnd ) break;
 			*pucOut++ = thisOne;
 		}
 	}
@@ -260,16 +277,19 @@ HRESULT Compression::DecompressRLE(void *pDestination, unsigned int *pDestSize,
 	unsigned char *pucIn  = (unsigned char *)pSource;
 	unsigned char *pucEnd = pucIn + SrcSize;
 	unsigned char *pucOut = (unsigned char *)pDestination;
+	unsigned char *pucOutEnd = pucOut + *pDestSize;
 
 	while( pucIn != pucEnd )
 	{
 		unsigned char thisOne = *pucIn++;
 		if( thisOne == 255 )
 		{
+			if( pucIn >= pucEnd ) break;
 			unsigned int count = *pucIn++;
 			if( count < 3 )
 			{
 				count++;
+				if( pucOut + count > pucOutEnd ) { pucOut = pucOutEnd; break; }
 				for( unsigned int i = 0; i < count; i++ )
 				{
 					*pucOut++ = 255;
@@ -278,7 +298,9 @@ HRESULT Compression::DecompressRLE(void *pDestination, unsigned int *pDestSize,
 			else
 			{
 				count++;
+				if( pucIn >= pucEnd ) break;
 				unsigned char data = *pucIn++;
+				if( pucOut + count > pucOutEnd ) { pucOut = pucOutEnd; break; }
 				for( unsigned int i = 0; i < count; i++ )
 				{
 					*pucOut++ = data;
@@ -287,6 +309,7 @@ HRESULT Compression::DecompressRLE(void *pDestination, unsigned int *pDestSize,
 		}
 		else
 		{
+			if( pucOut >= pucOutEnd ) break;
 			*pucOut++ = thisOne;
 		}
 	}
@@ -542,5 +565,3 @@ void Compression::SetDecompressionType(ESavePlatform platform)
 }
 
 /*Compression gCompression;*/
-
-