diff --git a/core/src/main/java/org/jruby/util/IOInputStream.java b/core/src/main/java/org/jruby/util/IOInputStream.java
index 46884ad0550e..2a7703ad759a 100644
--- a/core/src/main/java/org/jruby/util/IOInputStream.java
+++ b/core/src/main/java/org/jruby/util/IOInputStream.java
@@ -141,8 +141,15 @@ public int read(byte[] b, int off, int len) throws IOException {
         if (readValue.isNil()) return -1;
 
         ByteList str = readValue.convertToString().getByteList();
-        System.arraycopy(str.getUnsafeBytes(), str.getBegin(), b, off, str.getRealSize());
 
-        return str.getRealSize();
+        int readSize = str.realSize();
+
+        if (readSize > len) {
+            throw runtime.newIOError("read call of " + len + " bytes produced a String of length " + readSize);
+        }
+
+        System.arraycopy(str.getUnsafeBytes(), str.getBegin(), b, off, readSize);
+
+        return readSize;
      }
 }