diff --git a/ChangeLog b/ChangeLog
index 1038a6acdf..aa9a2aaab8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Fri Dec 18 16:50:35 2015 Koichi Sasada
+
+ * compile.c (ibf_load_setup): check tainted string argument.
+
 Fri Dec 18 16:12:13 2015 Koichi Sasada
 
 * vm_core.h: define USE_LAZY_LOAD if it is not defined.
diff --git a/compile.c b/compile.c
index 995ff8930c..f858fbb681 100644
--- a/compile.c
+++ b/compile.c
@@ -8203,6 +8203,8 @@ ibf_load_iseq(const struct ibf_load *load, const rb_iseq_t *index_iseq)
 static void
 ibf_load_setup(struct ibf_load *load, VALUE loader_obj, VALUE str)
 {
+ rb_check_safe_obj(str);
+
 if (RSTRING_LENINT(str) < (int)sizeof(struct ibf_header)) {
 rb_raise(rb_eRuntimeError, "broken binary format");
 }
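Review bot: The new `rb_check_safe_obj(str)` in `ibf_load_setup` is a taint gate, not validation. As far as I recall it raises only when `$SAFE` is above 0 and the object is tainted, so at the default safe level an untrusted binary still reaches the loader with only the header-size check visible here. It also does not establish that `str` is a String before `RSTRING_LENINT(str)` reads it; unless the caller (outside this hunk) already coerces the argument, I would put `StringValue(str);` ahead of the new line. A short comment would help the next reader, e.g. `/* taint check only; the binary is not verified, callers must pass trusted data */`. The body of `ibf_load_setup` continues past the end of the hunk, so any later validation of the header is not visible from here.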