diff --git a/internal/impl/validate.go b/internal/impl/validate.go
index 9e339798..bf5f60d9 100644
--- a/internal/impl/validate.go
+++ b/internal/impl/validate.go
@@ -414,7 +414,7 @@ State:
 				continue State
 			case wire.BytesType:
 				var size uint64
-				if b[0] < 0x80 {
+				if len(b) >= 1 && b[0] < 0x80 {
 					size = uint64(b[0])
 					b = b[1:]
 				} else if len(b) >= 2 && b[1] < 128 {
diff --git a/proto/testmessages_test.go b/proto/testmessages_test.go
index 99948043..d7f5523b 100644
--- a/proto/testmessages_test.go
+++ b/proto/testmessages_test.go
@@ -2068,4 +2068,24 @@ var testInvalidMessages = []testProto{
 			}},
 		}.Marshal(),
 	},
+	{
+		desc: "varint field overruns message",
+		decodeTo: []proto.Message{
+			(*testpb.TestAllTypes)(nil),
+			(*testpb.TestAllExtensions)(nil),
+		},
+		wire: pack.Message{
+			pack.Tag{1, pack.VarintType},
+		}.Marshal(),
+	},
+	{
+		desc: "bytes field lacks size",
+		decodeTo: []proto.Message{
+			(*testpb.TestAllTypes)(nil),
+			(*testpb.TestAllExtensions)(nil),
+		},
+		wire: pack.Message{
+			pack.Tag{18, pack.BytesType},
+		}.Marshal(),
+	},
 }