diff --git a/gtests/net/packetdrill/run_packet.c b/gtests/net/packetdrill/run_packet.c
index a87fe2c1052ade9f34f7c14de0755d09052bb409..512864896d77443cb2564475504e051066aa5748 100644
--- a/gtests/net/packetdrill/run_packet.c
+++ b/gtests/net/packetdrill/run_packet.c
@@ -569,6 +569,10 @@ static int map_inbound_icmp_packet(
 return STATUS_ERR;
 }
 
+static inline bool is_valid_sack_length(struct sctp_sack_chunk *sack) {
+ return sack->length == 16+2*sack->nr_gap_blocks+4*sack->nr_dup_tsns;
+}
+
 static int map_inbound_sctp_packet(
 struct socket *socket, struct packet *live_packet, char **error)
 {
@@ -635,9 +639,13 @@ static int map_inbound_sctp_packet(
 DEBUGP("New SACK cum TSN %d\n", ntohl(sack->cum_tsn));
 nr_gap_blocks = ntohs(sack->nr_gap_blocks);
 nr_dup_tsns = ntohs(sack->nr_dup_tsns);
- for (i = 0; i < nr_dup_tsns; i++) {
- sack->block[i + nr_gap_blocks].tsn = htonl(ntohl(sack->block[i + nr_gap_blocks].tsn) + local_diff);
+
+ if (is_valid_sack_length(sack)) {
+ for (i = 0; i < nr_dup_tsns; i++) {
+ sack->block[i + nr_gap_blocks].tsn = htonl(ntohl(sack->block[i + nr_gap_blocks].tsn) + local_diff);
+ }
 }
+
 break;
 case SCTP_ABORT_CHUNK_TYPE:
 abort = (struct sctp_abort_chunk *)chunk;
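Review bot: `is_valid_sack_length` compares `sack->length`, `sack->nr_gap_blocks` and `sack->nr_dup_tsns` as raw wire values, while the second hunk reads the same count fields through `ntohs()`, so on a little-endian host the equality will fail for well-formed SACKs and the dup-TSN remapping it guards is skipped. Convert before comparing, e.g. `return ntohs(sack->length) == 16 + 4 * ntohs(sack->nr_gap_blocks) + 4 * ntohs(sack->nr_dup_tsns);`. The `2*` factor also looks wrong: an SCTP gap ack block is a 16-bit start plus a 16-bit end (4 bytes), and the `block[i + nr_gap_blocks]` indexing in the second hunk treats gap blocks and dup TSNs as same-sized elements; confirm against the `block` declaration, which is outside this diff. The parameter can be `const struct sctp_sack_chunk *sack` since nothing is written through it.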
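Review bot: When `is_valid_sack_length(sack)` is false, the SACK case reaches `break` with the duplicate TSNs left unmapped and nothing logged, so a test that misbehaves for this reason gives no hint why. If skipping is intended for deliberately malformed SACKs, state that in a comment above the `if` and add a trace in an `else` branch, e.g. `DEBUGP("SACK length inconsistent, dup TSNs not remapped\n");`. The guard only checks the chunk's self-declared length against its own counts; whether that length is bounded by the bytes actually present in the packet is decided outside this hunk, so the `sack->block[i + nr_gap_blocks].tsn` writes still depend on that earlier check. The enclosing `map_inbound_sctp_packet` starts and ends outside the hunk.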