diff --git a/derp/derp.go b/derp/derp.go
index 5e979503a..7f0ccf24d 100644
--- a/derp/derp.go
+++ b/derp/derp.go
@@ -138,7 +138,8 @@ func readFrame(br *bufio.Reader, maxSize uint32, b []byte) (t frameType, frameLe
 	if frameLen > maxSize {
 		return 0, 0, fmt.Errorf("frame header size %d exceeds reader limit of %d", frameLen, maxSize)
 	}
-	n, err := io.ReadFull(br, b[:frameLen])
+
+	n, err := io.ReadFull(br, b[:minUint32(frameLen, uint32(len(b)))])
 	if err != nil {
 		return 0, 0, err
 	}
@@ -179,3 +180,10 @@ func minInt(a, b int) int {
 	}
 	return b
 }
+
+func minUint32(a, b uint32) uint32 {
+	if a < b {
+		return a
+	}
+	return b
+}