diff --git a/libraries/AP_ADSB/AP_ADSB_Sagetech_MXS.cpp b/libraries/AP_ADSB/AP_ADSB_Sagetech_MXS.cpp
index ec4e49b7d4c7b7..e0a082aee9327e 100644
--- a/libraries/AP_ADSB/AP_ADSB_Sagetech_MXS.cpp
+++ b/libraries/AP_ADSB/AP_ADSB_Sagetech_MXS.cpp
@@ -279,6 +279,12 @@ bool AP_ADSB_Sagetech_MXS::parse_byte(const uint8_t data)
         case ParseState::WaitingFor_PayloadLen: 
             message_in.checksum += data;
             message_in.packet.payload_length = data;
+            // the checksum is also appended to the payload array, so
+            // we only allow a 254 byte payload here:
+            if (message_in.packet.payload_length >= ARRAY_SIZE(message_in.packet.payload)) {
+                message_in.state = ParseState::WaitingFor_Start;
+                break;
+            }
             message_in.index = 0;
             message_in.state = (data == 0) ? ParseState::WaitingFor_Checksum : ParseState::WaitingFor_PayloadContents;
             break;