diff --git a/Userland/Libraries/LibWasm/Constants.h b/Userland/Libraries/LibWasm/Constants.h
index 459a4a95a9..de2e8481eb 100644
--- a/Userland/Libraries/LibWasm/Constants.h
+++ b/Userland/Libraries/LibWasm/Constants.h
@@ -40,5 +40,6 @@ static constexpr auto page_size = 64 * KiB;
 // These are not concretely defined by the spec, so the values are only defined by us.
 static constexpr auto minimum_stack_space_to_keep_free = 256 * KiB; // Note: Value is arbitrary and chosen by testing with ASAN
 static constexpr auto max_allowed_executed_instructions_per_call = 256 * 1024 * 1024;
+static constexpr auto max_allowed_function_locals_per_type = 420; // Note: VERY arbitrary.
 
 }
diff --git a/Userland/Libraries/LibWasm/Parser/Parser.cpp b/Userland/Libraries/LibWasm/Parser/Parser.cpp
index 0560c9e1d5..53c95522da 100644
--- a/Userland/Libraries/LibWasm/Parser/Parser.cpp
+++ b/Userland/Libraries/LibWasm/Parser/Parser.cpp
@@ -1091,7 +1091,10 @@ ParseResult Locals::parse(InputStream& stream)
     size_t count;
     if (!LEB128::read_unsigned(stream, count))
         return with_eof_check(stream, ParseError::InvalidSize);
-    // TODO: Disallow too many entries.
+
+    if (count > Constants::max_allowed_function_locals_per_type)
+        return with_eof_check(stream, ParseError::HugeAllocationRequested);
+
     auto type = ValueType::parse(stream);
     if (type.is_error())
         return type.error();
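Review bot: The new constant is declared with `auto` and a plain integer literal, so it deduces to `int` while the value it is compared against in Parser.cpp (`size_t count`) is unsigned; the comparison is still correct for a positive constant but it invites a sign-compare warning and makes the reader look up the type. Declaring it as `static constexpr size_t max_allowed_function_locals_per_type = 420;` documents the intended domain at the definition; the neighbouring `max_allowed_executed_instructions_per_call` uses the same `auto` form, so this may be a deliberate file convention worth keeping consistent either way. The trailing comment should say what the value bounds rather than only that it is arbitrary, e.g. `// Note: Caps a single (count, type) entry of a locals section; the spec sets no limit, the value is arbitrary.`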
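Review bot: The added check bounds the `count` of one locals entry, but a locals section is a sequence of such entries and nothing visible here bounds how many entries a function may declare, so the total number of locals a module can request per function (and the memory the parser or interpreter reserves for them) is still not limited by this change; the check only rejects an individual entry above the cap. A per-function budget, i.e. a running total carried across entries by whoever loops over `Locals::parse` and compared against the constant, would give the guarantee the replaced `// TODO: Disallow too many entries.` comment asked for. The constant name already says "per type", so at minimum the error comment should state that the cap is per entry, not per function. `Locals::parse` begins before this hunk and continues past it, so the allocation that consumes `count` is outside the visible lines.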