diff --git a/common/bolt11.c b/common/bolt11.c
index 03498bffa..9035834c6 100644
--- a/common/bolt11.c
+++ b/common/bolt11.c
@@ -474,6 +474,9 @@ struct bolt11 *bolt11_decode(const tal_t *ctx, const char *str,
 
         b11->routes = tal_arr(b11, struct route_info *, 0);
 
+        if (strlen(str) < 8)
+                return decode_fail(b11, fail, "Bad bech32 string");
+
         hrp = tal_arr(tmpctx, char, strlen(str) - 6);
         data = tal_arr(tmpctx, u5, strlen(str) - 8);