diff --git a/Libraries/LibIPC/TransportSocket.cpp b/Libraries/LibIPC/TransportSocket.cpp
index 01e717253de..8522d19f0ad 100644
--- a/Libraries/LibIPC/TransportSocket.cpp
+++ b/Libraries/LibIPC/TransportSocket.cpp
@@ -152,9 +152,13 @@ TransportSocket::ShouldShutdown TransportSocket::read_as_many_messages_as_possib
 }
 size_t index = 0;
-while (index + sizeof(MessageHeader) < m_unprocessed_bytes.size()) {
+while (index + sizeof(MessageHeader) <= m_unprocessed_bytes.size()) {
 MessageHeader header;
 memcpy(&header, m_unprocessed_bytes.data() + index, sizeof(MessageHeader));
+if (header.size + sizeof(MessageHeader) > m_unprocessed_bytes.size() - index)
+break;
+if (header.fd_count > m_unprocessed_fds.size())
+break;
 Message message;
 for (size_t i = 0; i < header.fd_count; ++i)
 message.fds.append(m_unprocessed_fds.dequeue());
diff --git a/Libraries/LibIPC/UnprocessedFileDescriptors.h b/Libraries/LibIPC/UnprocessedFileDescriptors.h
index ecdda2b7244..991c5598b8a 100644
--- a/Libraries/LibIPC/UnprocessedFileDescriptors.h
+++ b/Libraries/LibIPC/UnprocessedFileDescriptors.h
@@ -27,6 +27,8 @@ public:
 m_fds.prepend(move(fds));
 }
 
+size_t size() const { return m_fds.size(); }
+
 private:
 Vector m_fds;
 };
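Review bot: The new length check `header.size + sizeof(MessageHeader) > m_unprocessed_bytes.size() - index` does its addition on the peer-supplied side of the comparison, so if `header.size` is as wide as `size_t` a corrupt or hostile header can make the sum wrap and slip past the check; keep the arithmetic on the trusted side instead, `if (header.size > m_unprocessed_bytes.size() - index - sizeof(MessageHeader)) break;`, which cannot underflow because the loop condition on the line above already guarantees `index + sizeof(MessageHeader) <= m_unprocessed_bytes.size()`. The declared type of `header.size` is not visible in this hunk, so the wrap may be impossible on 64-bit targets if it is narrower than `size_t`, but the subtraction form is correct either way and costs nothing. A second point: breaking on an over-long `header.size` leaves the partial message buffered until the peer eventually sends that many bytes, so unless an upper bound on `header.size` is enforced elsewhere (not visible here) a misbehaving peer can make `m_unprocessed_bytes` grow without limit; rejecting headers above a maximum message size with a shutdown rather than a wait would close that off. The ordering of the two new checks before the fd dequeue loop is right, since no descriptors are consumed for a message that is then left incomplete. The enclosing function `read_as_many_messages_as_possible_without_blocking` starts and ends outside the hunk.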