diff --git a/platforms/app_fuzz/fuzzer.c b/platforms/app_fuzz/fuzzer.c
index c51f4c4..76e236b 100644
--- a/platforms/app_fuzz/fuzzer.c
+++ b/platforms/app_fuzz/fuzzer.c
@@ -22,7 +22,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
     IM3Environment env = m3_NewEnvironment ();
     if (env) {
-        IM3Runtime runtime = m3_NewRuntime (env, 64*1024, NULL);
+        IM3Runtime runtime = m3_NewRuntime (env, 128, NULL);
         if (runtime) {
             IM3Module module = NULL;
             result = m3_ParseModule (env, &module, data, size);
diff --git a/source/m3_compile.c b/source/m3_compile.c
index 8f2a8a0..884386e 100644
--- a/source/m3_compile.c
+++ b/source/m3_compile.c
@@ -2469,6 +2469,9 @@ _   (EmitOp (o, op_Entry));
 
 _   (Compile_BlockStatements (o));
 
+    // TODO: validate opcode sequences
+    _throwif(m3Err_wasmMalformed, o->previousOpcode != c_waOp_end);
+
     io_function->compiled = pc;
 
     u16 numConstantSlots = o->slotMaxConstIndex - o->slotFirstConstIndex;       m3log (compile, "unique constant slots: %d; unused slots: %d", numConstantSlots, o->slotFirstDynamicIndex - o->slotMaxConstIndex);
diff --git a/source/m3_env.c b/source/m3_env.c
index 68852a5..fc149e6 100644
--- a/source/m3_env.c
+++ b/source/m3_env.c
@@ -177,7 +177,7 @@ IM3Runtime  m3_NewRuntime  (IM3Environment i_environment, u32 i_stackSizeInBytes
         runtime->environment = i_environment;
         runtime->userdata = i_userdata;
 
-        runtime->stack = m3_Malloc (i_stackSizeInBytes);
+        runtime->stack = m3_Malloc (i_stackSizeInBytes + 4*sizeof (m3slot_t)); // TODO: more precise stack checks
 
         if (runtime->stack)
         {