diff --git a/hphp/runtime/ext/json/JSON_parser.cpp b/hphp/runtime/ext/json/JSON_parser.cpp
index b8d52359368d4..f6bfbf696fcb0 100644
--- a/hphp/runtime/ext/json/JSON_parser.cpp
+++ b/hphp/runtime/ext/json/JSON_parser.cpp
@@ -453,12 +453,13 @@ struct SimpleParser {
 case 'u': {
 if (UNLIKELY(is_tsimplejson)) {
 auto const ch1 = *p++;
+ if (UNLIKELY(ch1 != '0')) return false;
 auto const ch2 = *p++;
+ if (UNLIKELY(ch2 != '0')) return false;
 auto const dch3 = dehexchar(*p++);
+ if (UNLIKELY(dch3 < 0)) return false;
 auto const dch4 = dehexchar(*p++);
- if (UNLIKELY(ch1 != '0' || ch2 != '0' || dch3 < 0 || dch4 < 0)) {
- return false;
- }
+ if (UNLIKELY(dch4 < 0)) return false;
 out = (dch3 << 4) | dch4;
 return true;
 } else {
diff --git a/hphp/test/slow/ext_json/decode_crash.php b/hphp/test/slow/ext_json/decode_crash.php
index 003b886b2f423..4d7f4c20d2142 100644
--- a/hphp/test/slow/ext_json/decode_crash.php
+++ b/hphp/test/slow/ext_json/decode_crash.php
@@ -2,3 +2,4 @@
 var_dump(json_decode('"a"', false, 0, 0));
 var_dump(json_decode('"abc', true, 1000, 0));
+var_dump(json_decode('"\\u', true, 1000, 17180393472));
diff --git a/hphp/test/slow/ext_json/decode_crash.php.expect b/hphp/test/slow/ext_json/decode_crash.php.expect
index e2a4ea7d26ca5..00a53d981aaac 100644
--- a/hphp/test/slow/ext_json/decode_crash.php.expect
+++ b/hphp/test/slow/ext_json/decode_crash.php.expect
@@ -1,2 +1,3 @@
 NULL
 NULL
+NULL
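Review bot: The four early returns in the `is_tsimplejson` branch keep `p` from advancing past a truncated `\u` escape, but nothing in the code records that, so a later cleanup could fold them back into one combined check and reintroduce the over-read. The guard also seems to rely on the input ending in a byte that fails both `!= '0'` and `dehexchar(...) < 0`, presumably a NUL terminator; the buffer setup is outside this hunk, so that invariant should be confirmed and stated. I would add above the first read something like `// Validate each char before reading the next: a truncated escape must stop at the terminator, never read past it.` The `else` branch opens on the last line of the hunk and its body is not visible here, so it is worth checking that it does not read all four characters before validating.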
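Review bot: The new case only truncates the input right after `\u`, so it reaches the first of the four early returns added in JSON_parser.cpp and leaves the other three untested. Adding inputs truncated one character later each time (`'"\\u0'`, `'"\\u00'`, `'"\\u00a'`), with a matching `NULL` line each in the `.expect` file if they fail to decode as expected, would pin every bounds check. The options literal `17180393472` is an opaque bitmask; a comment such as `// options chosen to reach the is_tsimplejson path in SimpleParser` (or the named JSON option constants, if the test can use them) would show why this value matters for the regression.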