diff --git a/tape/dynamic.go b/tape/dynamic.go
index 01345ea..5ef9f7c 100644
--- a/tape/dynamic.go
+++ b/tape/dynamic.go
@@ -145,7 +145,11 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		n += nn; if err != nil { return n, err }
 	case SBA:
 		// SBA: <data: U8>*
-		buffer := make([]byte, tag.CN())
+		length := tag.CN()
+		if length > MaxStructureLength {
+			return 0, ErrTooLong
+		}
+		buffer := make([]byte, length)
 		nn, err := decoder.Read(buffer)
 		n += nn; if err != nil { return n, err }
 		setByteArray(destination, buffer)
@@ -153,6 +157,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// LBA: <length: UN> <data: U8>*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		buffer := make([]byte, length)
 		nn, err = decoder.Read(buffer)
 		n += nn; if err != nil { return n, err }
@@ -161,6 +168,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// OTA: <length: UN> <elementTag: tape.Tag> <values>*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		oneTag, nn, err := decoder.ReadTag()
 		n += nn; if err != nil { return n, err }
 		if destination.Cap() < int(length) {
@@ -191,6 +201,9 @@ func decodeAnyOrError(decoder *Decoder, destination reflect.Value, tag Tag) (n i
 		// KTV: <length: UN> (<key: U16> <tag: Tag> <value>)*
 		length, nn, err := decoder.ReadUintN(tag.CN() + 1)
 		n += nn; if err != nil { return n, err }
+		if length > uint64(MaxStructureLength) {
+			return 0, ErrTooLong
+		}
 		destination.Clear()
 		for _ = range length {
 			key, nn, err := decoder.ReadUint16()