diff --git a/lib11sht.c b/lib11sht.c
index 342d149..1a1f2c0 100644
--- a/lib11sht.c
+++ b/lib11sht.c
@@ -93,14 +93,20 @@ static float shit11(char *s1, char *s2)
 int len1, len2;
 int i, j, cost;
- len1 = strlen(s1);
- len2 = strlen(s2);
+ /* strnlen guards against missing NUL (no read past LEVN_SBUFF) */
+ len1 = (int)strnlen(s1, LEVN_SBUFF);
+ len2 = (int)strnlen(s2, LEVN_SBUFF);
 if(len1 == 0 && len2 == 0)
 return 1.0; /* both empty == identical */
 if(len1 == 0 || len2 == 0)
 return 0.0; /* one empty == no similarity */
+ /* Defensive cap: refuse to allocate too-large VLA. Bounds the stack
+ * matrix at LEVN_SBUFF × LEVN_SBUFF × sizeof(int) = ~256 KB worst case. */
+ if(len1 >= LEVN_SBUFF || len2 >= LEVN_SBUFF)
+ return 0.0; /* treat as "completely dissimilar" */
+
 int d[len1+1][len2+1];
 for(i=0; i<=len1; i++)
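Review bot: The cap added before `int d[len1+1][len2+1];` still leaves a worst-case stack matrix of about 256 KB by the comment's own figure, which can exceed the stack of a thread created with a small stack size, and nothing ties that figure to LEVN_SBUFF if the constant is later raised. I would pin the assumption next to the check, e.g. `_Static_assert(LEVN_SBUFF <= 256, "VLA bound in shit11 assumes LEVN_SBUFF <= 256");` (the 256 is inferred from the comment; the definition is not in this hunk). If the rest of the function only ever reads the previous row, keeping two rows instead of the full matrix would make the footprint linear. The `strnlen(s1, LEVN_SBUFF)` guard also holds only if every caller passes buffers of at least LEVN_SBUFF bytes, which is not visible here. The body of shit11 continues past the end of the hunk.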