diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 0e0b3a2..595791d 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -104,6 +104,7 @@ ngx_int_t
 ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
 {
     u_char  c, ch, *p, *m;
+    ngx_uint_t cpt=0;
     enum {
         sw_start = 0,
         sw_method,
@@ -723,6 +724,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
             }
 
             r->http_major = ch - '0';
+            cpt = 1;
             state = sw_major_digit;
             break;
 
@@ -733,11 +735,12 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 break;
             }
 
-            if (ch < '0' || ch > '9') {
+            if (ch < '0' || ch > '9' || cpt > 3) {
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
             r->http_major = r->http_major * 10 + ch - '0';
+            cpt++;
             break;
 
         /* first digit of minor HTTP version */
@@ -747,6 +750,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
             }
 
             r->http_minor = ch - '0';
+            cpt = 1;
             state = sw_minor_digit;
             break;
 
@@ -766,11 +770,12 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
                 break;
             }
 
-            if (ch < '0' || ch > '9') {
+            if (ch < '0' || ch > '9' || cpt > 3) {
                 return NGX_HTTP_PARSE_INVALID_REQUEST;
             }
 
             r->http_minor = r->http_minor * 10 + ch - '0';
+            cpt++;
             break;
 
         case sw_spaces_after_digit:

-----------------------------8372063701935580560345663874
Content-Disposition: form-data; name="description"

limit number of supported digits in http major version to avoid int16 overflow leading to 0 in major verion