diff --git a/.github/workflows/fuzz.yaml b/.github/workflows/fuzz.yaml
index 27089983..8df8a5a7 100644
--- a/.github/workflows/fuzz.yaml
+++ b/.github/workflows/fuzz.yaml
@@ -24,7 +24,10 @@ jobs:
         run: cargo install cargo-fuzz
 
       - name: Fuzz
-        run: cargo fuzz run bytes -- -max_total_time=1800 # 30 minutes
+        # run for 30 minutes with a 2GB memory limit and a maximum input length of 2048 bytes
+        # the maximum input length is set so that the formatter's size limiter will prevent
+        # allocating more memory than the memory limit
+        run: cargo fuzz run bytes -- -max_total_time=1800 -rss_limit_mb=2048 -max_len=2048
 
   string:
     name: Fuzz string
@@ -46,4 +49,7 @@ jobs:
         run: cargo install cargo-fuzz
 
       - name: Fuzz
-        run: cargo fuzz run string -- -max_total_time=1800 # 30 minutes
+        # run for 30 minutes with a 2GB memory limit and a maximum input length of 2048 bytes
+        # the maximum input length is set so that the formatter's size limiter will prevent
+        # allocating more memory than the memory limit
+        run: cargo fuzz run string -- -max_total_time=1800 -rss_limit_mb=2048 -max_len=2048
diff --git a/fuzz/fuzz_targets/bytes.rs b/fuzz/fuzz_targets/bytes.rs
index 13498ad2..1b31a0de 100644
--- a/fuzz/fuzz_targets/bytes.rs
+++ b/fuzz/fuzz_targets/bytes.rs
@@ -7,6 +7,8 @@ use mock::MockTime;
 
 fuzz_target!(|data: (MockTime, &[u8])| {
     let (time, format) = data;
+    let _ignored = strftime::bytes::strftime(&time, format);
+
     // Give each fuzzer input a 16kb buffer to write to.
     let mut buf = vec![0u8; 16 * 1024].into_boxed_slice();
     let _ignored = strftime::buffered::strftime(&time, format, &mut buf[..]);
diff --git a/fuzz/fuzz_targets/string.rs b/fuzz/fuzz_targets/string.rs
index e1c09489..1196b129 100644
--- a/fuzz/fuzz_targets/string.rs
+++ b/fuzz/fuzz_targets/string.rs
@@ -30,6 +30,8 @@ impl<'a> fmt::Write for LimitedBuf<'a> {
 
 fuzz_target!(|data: (MockTime, &str)| {
     let (time, format) = data;
+    let _ignored = strftime::string::strftime(&time, format);
+
     // Give each fuzzer input a 16kb buffer to write to.
     let mut buf = vec![0u8; 16 * 1024].into_boxed_slice();
 
diff --git a/src/format/mod.rs b/src/format/mod.rs
index 17768d8c..20bc7ba3 100644
--- a/src/format/mod.rs
+++ b/src/format/mod.rs
@@ -787,6 +787,7 @@ impl<'t, 'f, T: CheckedTime> TimeFormatter<'t, 'f, T> {
 
         // Use a size limiter to limit the maximum size of the resulting
         // formatted string
+        // Ref: <https://github.com/ruby/ruby/blob/v3_4_2/strftime.c#L921-L928>
         let size_limit = self.format.len().saturating_mul(512 * 1024);
         let mut f = SizeLimiter::new(buf, size_limit);
 
diff --git a/src/tests/format.rs b/src/tests/format.rs
index 7a7a693a..bdef1076 100644
--- a/src/tests/format.rs
+++ b/src/tests/format.rs
@@ -795,6 +795,11 @@ fn test_format_invalid() {
         let err = get_format_err(&time, format);
         assert!(matches!(err, Error::InvalidFormatString));
     }
+
+    for format in ["\0%", "\0%-4", "\0%-", "\0%-_"] {
+        let err = get_format_err(&time, format);
+        assert!(matches!(err, Error::InvalidFormatString));
+    }
 }
 
 #[test]