diff --git a/emulator/bthost.c b/emulator/bthost.c
index 2cd79bc..33a0544 100644
--- a/emulator/bthost.c
+++ b/emulator/bthost.c
@@ -1669,9 +1669,14 @@ static void rfcomm_dm_recv(struct bthost *bthost, struct btconn *conn,
 				uint16_t len)
 {
 	const struct rfcomm_cmd *hdr = data;
-	uint8_t channel = RFCOMM_GET_CHANNEL(hdr->address);
+	uint8_t channel;
 	struct rfcomm_connection_data *conn_data = bthost->rfcomm_conn_data;
 
+	if (len < sizeof(*hdr))
+		return;
+
+	channel = RFCOMM_GET_CHANNEL(hdr->address);
+
 	if (conn_data && conn_data->channel == channel) {
 		if (conn_data->cb)
 			conn_data->cb(conn->handle, l2conn->scid,