diff --git a/nbt/nbt_test.go b/nbt/nbt_test.go
index 687a2aa..8055afe 100644
--- a/nbt/nbt_test.go
+++ b/nbt/nbt_test.go
@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"compress/gzip"
 	"io"
+	"math"
 	"reflect"
 	"testing"
 )
@@ -235,6 +236,35 @@ func TestMarshal_bigTest(t *testing.T) {
 	}
 }
 
+func TestDecoder_overRead(t *testing.T) {
+	const tail = 16
+	// Uncompressed NBT
+	enc := []byte{
+		TagCompound, 0, 1, 'A',
+		TagString, 0, 1, 'B', 0, 0,
+		TagEnd,
+	}
+	dataLen := len(enc)
+	// these zeros are honeypot, we should not read them
+	enc = append(enc, make([]byte, tail)...)
+
+	var value struct {
+		B string
+	}
+
+	r := bytes.NewReader(enc)
+	// Count read bytes by using io.LimitReader
+	rr := io.LimitReader(r, math.MaxInt64).(*io.LimitedReader)
+	if err := NewDecoder(rr).Decode(&value); err != nil {
+		t.Fatal(err)
+	}
+
+	readBytesNum := math.MaxInt64 - rr.N
+	if readBytesNum > int64(dataLen) || r.Len() < tail {
+		t.Errorf("Over read! nbt length: %d, but you read %d", dataLen, readBytesNum)
+	}
+}
+
 func TestUnmarshal_IntArray(t *testing.T) {
 	data := []byte{
 		TagIntArray, 0, 0,