diff --git a/gfx/qcms/iccread.c b/gfx/qcms/iccread.c
--- a/gfx/qcms/iccread.c
+++ b/gfx/qcms/iccread.c
@@ -1015,16 +1015,19 @@ qcms_profile* qcms_profile_from_memory(c
 	struct mem_source *src = &source;
 	struct tag_index index;
 	qcms_profile *profile;
 
 	source.buf = mem;
 	source.size = size;
 	source.valid = true;
 
+	if (size < 4)
+		return INVALID_PROFILE;
+
 	length = read_u32(src, 0);
 	if (length <= size) {
 		// shrink the area that we can read if appropriate
 		source.size = length;
 	} else {
 		return INVALID_PROFILE;
 	}
 
