diff --git a/fuzzer/data/crash-2109da83096efe2ad6c43f5648cc2ca25c4cacab b/fuzzer/data/crash-2109da83096efe2ad6c43f5648cc2ca25c4cacab
new file mode 100644
index 0000000000..ea19bb2188
Binary files /dev/null and b/fuzzer/data/crash-2109da83096efe2ad6c43f5648cc2ca25c4cacab differ
diff --git a/wsd/ClientSession.cpp b/wsd/ClientSession.cpp
index ef05bf09cc..718da005d2 100644
--- a/wsd/ClientSession.cpp
+++ b/wsd/ClientSession.cpp
@@ -775,6 +775,16 @@ bool ClientSession::_handleInput(const char *buffer, int length)
 _splitY = splitY;
 }
 
+ // Untrusted user input, make sure these are not negative.
+ if (width < 0)
+ {
+ width = 0;
+ }
+ if (height < 0)
+ {
+ height = 0;
+ }
+
 _clientVisibleArea = Util::Rectangle(x, y, width, height);
 return forwardToChild(std::string(buffer, length), docBroker);
 }
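Review bot: The clamp only sanitizes the copy kept in `_clientVisibleArea`; the `forwardToChild(std::string(buffer, length), docBroker)` call right after it still sends the client's original bytes, so the child receives the negative `width`/`height` exactly as the client sent them. If the child parses the same fields it needs its own validation, which is not visible from this hunk; at minimum the comment should say so, e.g. `// Only the local copy is clamped; the raw message is forwarded unchanged.` `x` and `y` come from the same untrusted message and stay unchecked, and very large positive sizes are also accepted, which may matter if `Util::Rectangle` derives right/bottom edges by signed addition (its definition is outside the hunk). Silent clamping also hides malformed input from operators, so a warning log at the clamp would help detection. The enclosing `_handleInput` body starts outside the hunk.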