diff --git a/src/utils/radiotap_parser.cpp b/src/utils/radiotap_parser.cpp
index e3d4f3b..cff4b16 100644
--- a/src/utils/radiotap_parser.cpp
+++ b/src/utils/radiotap_parser.cpp
@@ -152,6 +152,9 @@ RadioTapParser::RadioTapParser(const vector<uint8_t>& buffer)
         current_flags_ = 0;
     }
     else {
+        if (TINS_UNLIKELY(buffer.size() < sizeof(RadioTapFlags))) {
+            throw malformed_packet();
+        }
         start_ = &*buffer.begin();
         end_ = start_ + buffer.size();
         load_current_flags();
@@ -257,11 +260,11 @@ const uint8_t* RadioTapParser::find_options_start() const {
     // Skip fields before the flags one
     const RadioTapFlags* flags = get_flags_ptr();
     while (flags->ext == 1) {
+        total_sz -= sizeof(RadioTapFlags);
         if (TINS_UNLIKELY(total_sz < sizeof(RadioTapFlags))) {
             throw malformed_packet();
         }
         ++flags;
-        total_sz -= sizeof(RadioTapFlags);
     }
     return reinterpret_cast<const uint8_t*>(flags) + sizeof(RadioTapFlags);
 }
diff --git a/tests/src/radiotap_test.cpp b/tests/src/radiotap_test.cpp
index c3c7f0c..7ac95f8 100644
--- a/tests/src/radiotap_test.cpp
+++ b/tests/src/radiotap_test.cpp
@@ -626,6 +626,14 @@ TEST_F(RadioTapTest, RadioTapParsingUsingEmptyBuffer) {
     EXPECT_FALSE(parser.has_field(RadioTap::ANTENNA));
 }
 
+TEST_F(RadioTapTest, RadioTapParsingUsingBogusBuffer) {
+    vector<uint8_t> buffer;
+    for (int i = 0; i < 4; ++i) {
+        buffer.push_back(0xff);
+    }
+    EXPECT_THROW(RadioTapParser parser(buffer), malformed_packet);
+}
+
 TEST_F(RadioTapTest, RadioTapWritingEmptyBuffer) {
     vector<uint8_t> buffer;
     RadioTapWriter writer(buffer);