--- heartbeat-1.2.3/lib/clplumbing/cl_netstring.c
+++ heartbeat-1.2.3/lib/clplumbing/cl_netstring.c
@@ -257,6 +257,11 @@
 	*data = sp;
 
 	sp += (*len);
+
+	if (sp >= smax ){
+		return(HA_FAIL);
+	}
+
 	if (*sp != ','){
 		return(HA_FAIL);
 	}