diff --git a/xs_json.h b/xs_json.h index 6af47a2..c28f5d5 100644 --- a/xs_json.h +++ b/xs_json.h @@ -238,20 +238,39 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t) case 't': c = '\t'; break; case 'u': /* Unicode codepoint as an hex char */ s++; - memcpy(tmp, s, 4); - s += 3; + strncpy(tmp, s, 4); tmp[4] = '\0'; + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ + sscanf(tmp, "%04x", &i); if (i >= 0xd800 && i <= 0xdfff) { /* it's a surrogate pair */ cp = (i & 0x3ff) << 10; - /* skip to the next value */ - s += 3; - memcpy(tmp, s, 4); - s += 3; + /* skip to the next value (last char + \ + u) */ + s++; + if (memcmp(s, "\\u", 2) != 0) { + *t = JS_ERROR; + break; + } + s += 2; + + strncpy(tmp, s, 4); + tmp[4] = '\0'; + + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ sscanf(tmp, "%04x", &i); cp |= (i & 0x3ff); diff --git a/xs_version.h b/xs_version.h index 4c842e3..fce4f34 100644 --- a/xs_version.h +++ b/xs_version.h @@ -1 +1 @@ -/* 333e84c76cd0e51f9f98a36df2eb3bf81e0d2608 */ +/* 494e346f92431041350f72431417eee03a23eafd */
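Review bot: Both `strlen(tmp) != 4` checks in the `case 'u'` branch only prove that four non-NUL bytes follow the escape, not that they are hex digits, and the return value of `sscanf(tmp, "%04x", &i)` is still ignored. For a constructed input such as `\uzzzz` the conversion fails and `i` keeps whatever it held before; `%x` also accepts leading whitespace, a sign or a `0x` prefix, so fewer than four digits can be converted while `s` still advances over four bytes, possibly past the closing quote. Replacing each length test with `if (strspn(tmp, "0123456789abcdefABCDEF") != 4) {` rejects both short and non-hex input before the conversion. Separately, `memcmp(s, "\\u", 2)` reads two bytes even when `s` already points at the terminating NUL, whereas `if (s[0] != '\\' || s[1] != 'u')` short-circuits on the first byte. The enclosing switch and loop lie outside the hunk, so whether `*t = JS_ERROR; break;` actually stops the string scan rather than just leaving the switch should be confirmed there.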