diff --git a/drivers/char/diag/diagfwd.c b/drivers/char/diag/diagfwd.c
index 62f63a7699ae0255fc937fdc51c9acf7f363179c..7e68176f12128b592bafa45c4604dd6100144449 100644
--- a/drivers/char/diag/diagfwd.c
+++ b/drivers/char/diag/diagfwd.c
@@ -1679,6 +1679,19 @@ void diag_process_hdlc(void *data, unsigned len)
 	hdlc.escaping = 0;
 
 	ret = diag_hdlc_decode(&hdlc);
+
+	/*
+	 * If the message is 3 bytes or less in length then the message is
+	 * too short. A message will need 4 bytes minimum, since there are
+	 * 2 bytes for the CRC and 1 byte for the ending 0x7e for the hdlc
+	 * encoding
+	 */
+	if (hdlc.dest_idx < 4) {
+		pr_err_ratelimited("diag: In %s, message is too short, len: %d,"
+			" dest len: %d\n", __func__, len, hdlc.dest_idx);
+		mutex_unlock(&driver->diag_hdlc_mutex);
+		return;
+	}
 	if (ret) {
 		crc_chk = crc_check(hdlc.dest_ptr, hdlc.dest_idx);
 		if (crc_chk) {
diff --git a/drivers/char/diag/diagfwd.h b/drivers/char/diag/diagfwd.h
index d3018030cdd7f42053689623712be30615805fab..e6532d516b64442df40ddf01c8a948c068ee2ef5 100644
--- a/drivers/char/diag/diagfwd.h
+++ b/drivers/char/diag/diagfwd.h
@@ -20,7 +20,7 @@
 #define RESET_AND_QUEUE 1
 
 #define CHK_OVERFLOW(bufStart, start, end, length) \
-	((((bufStart) <= (start)) && ((end) - (start) >= (length))) ? 1 : 0)
+  ((((bufStart) <= (start)) && ((end) - (start) >= (length)) && ((length) > 0)) ? 1 : 0)
 
 void diagfwd_init(void);
 void diagfwd_exit(void);