diff --git a/test/org/jetbrains/java/decompiler/BulkDecompilationTest.java b/test/org/jetbrains/java/decompiler/BulkDecompilationTest.java
index cde579613..03500f2db 100644
--- a/test/org/jetbrains/java/decompiler/BulkDecompilationTest.java
+++ b/test/org/jetbrains/java/decompiler/BulkDecompilationTest.java
@@ -76,6 +76,9 @@ private static void unpack(File archive, File targetDir) {
         ZipEntry entry = entries.nextElement();
         if (!entry.isDirectory()) {
           File file = new File(targetDir, entry.getName());
+          if (!file.toPath().normalize().startsWith(targetDir.toPath().normalize())) {
+            throw new RuntimeException("Bad zip entry");
+          }
           assertTrue(file.getParentFile().mkdirs() || file.getParentFile().isDirectory());
           try (InputStream in = zip.getInputStream(entry); OutputStream out = new FileOutputStream(file)) {
             InterpreterUtil.copyStream(in, out);
@@ -87,4 +90,4 @@ private static void unpack(File archive, File targetDir) {
       throw new RuntimeException(e);
     }
   }
-}
\ No newline at end of file
+}