diff --git a/[refs] b/[refs]
index 17758e03e011..4d1864aef880 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: ca9938fea576ebbb8d8c4fbe8a5bcc937e49e1ca
+refs/heads/master: a09c83847b664dcd67a72613374061c900afb799
diff --git a/trunk/net/sctp/inqueue.c b/trunk/net/sctp/inqueue.c
index 88aa22407549..e4ea7fdf36ed 100644
--- a/trunk/net/sctp/inqueue.c
+++ b/trunk/net/sctp/inqueue.c
@@ -130,6 +130,14 @@ struct sctp_chunk *sctp_inq_pop(struct sctp_inq *queue)
 			/* Force chunk->skb->data to chunk->chunk_end.  */
 			skb_pull(chunk->skb,
 				 chunk->chunk_end - chunk->skb->data);
+
+			/* Verify that we have at least chunk headers
+			 * worth of buffer left.
+			 */
+			if (skb_headlen(chunk->skb) < sizeof(sctp_chunkhdr_t)) {
+				sctp_chunk_free(chunk);
+				chunk = queue->in_progress = NULL;
+			}
 		}
 	}