diff --git a/libs/fst/00_PATCH_wx_len_overread.patch b/libs/fst/00_PATCH_wx_len_overread.patch
new file mode 100644
index 000000000..7fba1c2d6
--- /dev/null
+++ b/libs/fst/00_PATCH_wx_len_overread.patch
@@ -0,0 +1,10 @@
+--- fstapi.cc
++++ fstapi.cc
+@@ -6072,6 +6072,7 @@ for(;;)
+                                                                 }
+ 
+                                                         wx_len = snprintf(wx_buf, 32, "r%.16g", d);
++                                                        if (wx_len > 32 || wx_len < 0) wx_len = 32;
+                                                         fstWritex(xc, wx_buf, wx_len);
+                                                         }
+                                                 }
diff --git a/libs/fst/00_UPDATE.sh b/libs/fst/00_UPDATE.sh
index 7ab74d7cd..66a0fd8df 100755
--- a/libs/fst/00_UPDATE.sh
+++ b/libs/fst/00_UPDATE.sh
@@ -18,3 +18,4 @@ sed -i -e 's,"fastlz.c","fastlz.cc",' *.cc *.h
 patch -p0 < 00_PATCH_win_zlib.patch
 patch -p0 < 00_PATCH_win_io.patch
 patch -p1 < 00_PATCH_strict_alignment.patch
+patch -p0 < 00_PATCH_wx_len_overread.patch
diff --git a/libs/fst/fstapi.cc b/libs/fst/fstapi.cc
index dc52c3c09..ab3c54469 100644
--- a/libs/fst/fstapi.cc
+++ b/libs/fst/fstapi.cc
@@ -6072,6 +6072,7 @@ for(;;)
                                                                 }
 
                                                         wx_len = snprintf(wx_buf, 32, "r%.16g", d);
+                                                        if (wx_len > 32 || wx_len < 0) wx_len = 32;
                                                         fstWritex(xc, wx_buf, wx_len);
                                                         }
                                                 }