diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 46e1e75d77..9dc5d9f1e1 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -503,6 +503,11 @@ int avtab_read_item(struct policy_file *fp, uint32_t vers, avtab_t * a,
 for (i = 0; i < ARRAY_SIZE(spec_order); i++) {
 if (val & spec_order[i]) {
+ if (items >= items2) { /* items is index, items2 is total number */
+ ERR(fp->handle, "entry has too many items (%d/%d)",
+ items + 1, items2);
+ return -1;
+ }
 key.specified = spec_order[i] | enabled;
 datum.data = le32_to_cpu(buf32[items++]);
 rc = insertf(a, &key, &datum, p);
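Review bot: The new `items >= items2` guard in front of `datum.data = le32_to_cpu(buf32[items++]);` bounds the index only by `items2`, so it protects the read only if `items2` was itself checked against the capacity of `buf32` where it is parsed, which is outside this hunk. If that earlier check is missing, the index could still pass the end of the buffer; assuming `buf32` is a local array, the guard could carry both limits, `if (items >= items2 || items >= ARRAY_SIZE(buf32)) {`. Separately, the `ERR` call formats `items + 1` and `items2` with `%d`; if they are declared `uint32_t` like `vers` (the declarations are not visible here), `%u` is the matching specifier. The body of `avtab_read_item` starts and ends outside the hunk, so both points need confirming against the full function.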