diff --git a/blaze822.c b/blaze822.c
index 6d1b643..4276323 100644
--- a/blaze822.c
+++ b/blaze822.c
@@ -404,6 +404,9 @@ blaze822_hdr_(struct message *mesg, const char *hdr, size_t hdrlen)
 {
 	char *v;
 
+	if (mesg->msg + hdrlen - 1 >= mesg->end)
+		return 0;  // header too small for the key, probably empty
+
 	// special case: first header, no leading nul
 	if (memcmp(mesg->msg, hdr+1, hdrlen-1) == 0)
 		v = mesg->msg;