diff --git a/miniprogram/encryptor/encryptor.go b/miniprogram/encryptor/encryptor.go
index 26a57a5..af3c4c2 100644
--- a/miniprogram/encryptor/encryptor.go
+++ b/miniprogram/encryptor/encryptor.go
@@ -6,6 +6,7 @@ import (
 "encoding/base64"
 "encoding/json"
 "errors"
+ "fmt"
 "github.com/silenceper/wechat/v2/miniprogram/context"
 )
@@ -90,6 +91,9 @@ func GetCipherText(sessionKey, encryptedData, iv string) ([]byte, error) {
 if err != nil {
 return nil, err
 }
+ if len(ivBytes) != aes.BlockSize {
+ return nil, fmt.Errorf("bad iv length %d", len(ivBytes))
+ }
 block, err := aes.NewCipher(aesKey)
 if err != nil {
 return nil, err
diff --git a/miniprogram/encryptor/encryptor_test.go b/miniprogram/encryptor/encryptor_test.go
new file mode 100644
index 0000000..38b518d
--- /dev/null
+++ b/miniprogram/encryptor/encryptor_test.go
@@ -0,0 +1,15 @@
+package encryptor
+
+import (
+ "encoding/base64"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestGetCipherText_BadIV(t *testing.T) {
+ keyData := base64.StdEncoding.EncodeToString([]byte("1234567890123456"))
+ badData := base64.StdEncoding.EncodeToString([]byte("1"))
+ _, err := GetCipherText(keyData, badData, badData)
+ assert.Error(t, err)
+}
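Review bot: The new guard before `aes.NewCipher` in GetCipherText covers only the IV; nothing in the visible lines checks the length of the decoded `encryptedData`, which arrives from the same caller. If the code after the hunk hands that buffer to a CBC decrypter, `CryptBlocks` panics on input that is not a whole number of blocks, so the same class of crash would remain reachable with a well-formed IV. A sibling check next to this one would close it, for example `if len(data)%aes.BlockSize != 0 { return nil, fmt.Errorf("bad ciphertext length %d", len(data)) }`, with `data` standing for the decoded ciphertext variable, whose name is outside the hunk. The function begins before and continues past the hunk, so this should be confirmed against the full body.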
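Review bot: TestGetCipherText_BadIV passes the same one-byte `badData` as both `encryptedData` and `iv`, and asserts only that some error comes back, so it does not show that the IV length check is what rejected the input. Giving `encryptedData` a block-aligned value (16 bytes before base64) and asserting on the message, `assert.ErrorContains(t, err, "bad iv length")`, would pin the test to the new branch. A second case with a 16-byte IV and a ciphertext that is not a multiple of the block size would document whether that input returns an error or panics.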