diff --git a/vtest/vtest.h b/vtest/vtest.h
index e294b4a..59a37fe 100644
--- a/vtest/vtest.h
+++ b/vtest/vtest.h
@@ -71,5 +71,7 @@ int vtest_protocol_version(uint32_t length_dw);
 void vtest_destroy_renderer(void);
+void vtest_set_max_length(uint32_t length);
+
 #endif
diff --git a/vtest/vtest_fuzzer.c b/vtest/vtest_fuzzer.c
index c05dc13..c9eaeb4 100644
--- a/vtest/vtest_fuzzer.c
+++ b/vtest/vtest_fuzzer.c
@@ -140,6 +140,9 @@ static void vtest_fuzzer_run_renderer(int out_fd, struct vtest_input *input,
 int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 {
+ /* Limit unbounded allocations under fuzzer default limits. */
+ vtest_set_max_length(256 * 1024 * 1024);
+
 int out_fd = open("/dev/null", O_WRONLY);
 struct vtest_buffer buffer;
diff --git a/vtest/vtest_renderer.c b/vtest/vtest_renderer.c
index 270d695..fc99c76 100644
--- a/vtest/vtest_renderer.c
+++ b/vtest/vtest_renderer.c
@@ -49,6 +49,7 @@ static int ctx_id = 1;
 static int fence_id = 1;
+static uint32_t max_length = UINT_MAX;
 static int last_fence;
 static void vtest_write_fence(UNUSED void *cookie, uint32_t fence_id_in)
@@ -221,6 +222,10 @@ int vtest_create_renderer(struct vtest_input *input, int out_fd, uint32_t length
 return -1;
 }
+ if (length > 1024 * 1024) {
+ return -1;
+ }
+
 vtestname = calloc(1, length + 1);
 if (!vtestname) {
 return -1;
@@ -520,7 +525,7 @@ int vtest_submit_cmd(uint32_t length_dw)
 uint32_t *cbuf;
 int ret;
- if (length_dw > UINT_MAX / 4) {
+ if (length_dw > max_length / 4) {
 return -1;
 }
@@ -576,6 +581,10 @@ int vtest_transfer_get(UNUSED uint32_t length_dw)
 DECODE_TRANSFER;
+ if (data_size > max_length) {
+ return -ENOMEM;
+ }
+
 ptr = malloc(data_size);
 if (!ptr) {
 return -ENOMEM;
@@ -619,6 +628,10 @@ int vtest_transfer_get_nop(UNUSED uint32_t length_dw)
 DECODE_TRANSFER;
+ if (data_size > max_length) {
+ return -ENOMEM;
+ }
+
 ptr = malloc(data_size);
 if (!ptr) {
 return -ENOMEM;
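Review bot: The new `vtest_set_max_length` prototype carries no comment saying what the limit means, and the `max_length` global it writes and the setter's definition later in vtest_renderer.c are equally bare. From its uses the value is a byte count: `vtest_submit_cmd` compares the dword count `length_dw` against `max_length / 4`, the four `vtest_transfer_*` functions compare `data_size` against it directly, and the default is `UINT_MAX`. Suggest above the prototype: `/* Upper bound, in bytes, on a single client-requested allocation (submit_cmd, transfer_get/put); defaults to UINT_MAX, i.e. no limit beyond the type. */`. The same documentation gap applies to the `static uint32_t max_length` hunk and the setter hunk at the end of vtest_renderer.c.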
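Review bot: `256 * 1024 * 1024` in the new `vtest_set_max_length` call in `LLVMFuzzerTestOneInput` is a bare literal; the comment above it says why a limit exists but not why this size, so a named constant would record the choice, e.g. `enum { FUZZ_MAX_ALLOC_BYTES = 256 * 1024 * 1024 }; /* well under libFuzzer's default malloc/rss limits */` (name constructed here). The call also runs on every input rather than once; that is harmless for a plain store, but libFuzzer's `LLVMFuzzerInitialize` is the natural place for one-time setup if the harness already has one. The enclosing function continues past the hunk.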
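Review bot: The new `length > 1024 * 1024` guard in `vtest_create_renderer` is a second, unrelated limit: it is a hard-coded constant rather than `max_length`, and unlike the other checks in this commit it applies unconditionally, so callers that never call `vtest_set_max_length` now also get a 1 MiB cap on the renderer name where previously only the `calloc` could fail. If that is intended, name it and say so, e.g. `enum { VTEST_MAX_NAME_LEN = 1024 * 1024 }; /* renderer-name bytes, independent of max_length */` (constructed name); if not, compare against `max_length` like the other hunks. Either way the comment could note that with `length` being `uint32_t`, `length + 1` in the `calloc` below can no longer wrap once this bound holds. The function starts and ends outside the hunk.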
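Review bot: The `data_size > max_length` block added in `vtest_transfer_get` is repeated verbatim in `vtest_transfer_get_nop`, `vtest_transfer_put` and `vtest_transfer_put_nop`; since each sits directly after `DECODE_TRANSFER;`, the check could live in that macro or in one small static helper so a future adjustment happens in one place. Separately, returning `-ENOMEM` for a request that exceeds the configured limit is indistinguishable from a real allocation failure at the `malloc` two lines later; `-EINVAL`, or a comment stating the conflation is deliberate, would let callers tell policy rejection from resource exhaustion. Whether `data_size` is derived with any multiplication that could wrap before this comparison cannot be seen here, since it comes from `DECODE_TRANSFER`; worth confirming. All four functions begin and end outside their hunks.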
@@ -651,6 +664,10 @@ int vtest_transfer_put(UNUSED uint32_t length_dw)
 DECODE_TRANSFER;
+ if (data_size > max_length) {
+ return -ENOMEM;
+ }
+
 ptr = malloc(data_size);
 if (!ptr) {
 return -ENOMEM;
@@ -697,6 +714,10 @@ int vtest_transfer_put_nop(UNUSED uint32_t length_dw)
 DECODE_TRANSFER;
+ if (data_size > max_length) {
+ return -ENOMEM;
+ }
+
 ptr = malloc(data_size);
 if (!ptr) {
 return -ENOMEM;
@@ -924,3 +945,8 @@ int vtest_poll(void)
 virgl_renderer_poll();
 return 0;
 }
+
+void vtest_set_max_length(uint32_t length)
+{
+ max_length = length;
+}
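Review bot: `vtest_set_max_length` stores any value without a floor, and `vtest_submit_cmd` divides `max_length` by four before comparing, so a `length` below 4 makes `max_length / 4` zero and every command with `length_dw > 0` is rejected with -1 while the transfer paths still accept up to `length` bytes. Either document that asymmetry or reject/clamp such values; at minimum a comment above the definition such as `/* Bytes; values below 4 disable vtest_submit_cmd entirely. */`. The function is fully within the hunk.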