diff -rup libmspack-0.5alpha/mspack/lzxd.c libmspack-0.5alpha-new/mspack/lzxd.c
--- libmspack-0.5alpha/mspack/lzxd.c	2015-01-18 06:37:43.000000000 -0800
+++ libmspack-0.5alpha-new/mspack/lzxd.c	2018-05-21 17:15:41.434134846 -0700
@@ -766,6 +766,11 @@ int lzxd_decompress(struct lzxd_stream *
       case LZX_BLOCKTYPE_UNCOMPRESSED:
 	/* as this_run is limited not to wrap a frame, this also means it
 	 * won't wrap the window (as the window is a multiple of 32k) */
+        if (window_posn + this_run > lzx->window_size) {
+                D(("match ran over window boundary"))
+                return lzx->error = MSPACK_ERR_DECRUNCH;
+        }
+
 	rundest = &window[window_posn];
 	window_posn += this_run;
 	while (this_run > 0) {
@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx)
   struct mspack_system *sys;
   if (lzx) {
     sys = lzx->sys;
-    sys->free(lzx->inbuf);
-    sys->free(lzx->window);
+    if(lzx->inbuf)
+        sys->free(lzx->inbuf);
+    if(lzx->window)
+        sys->free(lzx->window);
     sys->free(lzx);
   }
 }