diff --git a/epan/reassemble.c b/epan/reassemble.c
index 5ff9dcf..0838cb1 100644
--- a/epan/reassemble.c
+++ b/epan/reassemble.c
@@ -1008,9 +1008,11 @@ fragment_add_work(fragment_data *fd_head, tvbuff_t *tvb, const int offset,
 
 /* If we have reached this point, the packet is not defragmented yet.
 * Save all payload in a buffer until we can defragment.
- * XXX - what if we didn't capture the entire fragment due
- * to a too-short snapshot length?
 */
+ if (!tvb_bytes_exist(tvb, offset, fd->len)) {
+ g_slice_free(fragment_data, fd);
+ THROW(BoundsError);
+ }
 fd->data = (unsigned char *)g_malloc(fd->len);
 tvb_memcpy(tvb, fd->data, offset, fd->len);
 LINK_FRAG(fd_head,fd);
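Review bot: The new guard ahead of `g_malloc` has no comment saying why it must come first, and the removed XXX note was the only record of the short-snapshot case. Without the check, `tvb_memcpy` would raise on a fragment that was not fully captured after `fd->data` had already been allocated, leaving both `fd` and the buffer unreleased, so I would add `/* Verify the bytes are present before allocating: a throw from tvb_memcpy() would leak fd and fd->data. */` above the `if`. It is also worth confirming that `fd->len` cannot exceed the signed range of the length argument of `tvb_bytes_exist`, since the same value then sizes the allocation and the copy; its type is declared outside this hunk. fragment_add_work starts and ends outside the hunk, so whether `fd_head` was already modified before this throw cannot be checked from here.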