diff --git a/usr.sbin/bhyve/gdb.c b/usr.sbin/bhyve/gdb.c
--- a/usr.sbin/bhyve/gdb.c
+++ b/usr.sbin/bhyve/gdb.c
@@ -1052,6 +1052,8 @@
 bool started;
 int error;
+ assert(len >= 1);
+
 /* Skip 'm' */
 data += 1;
 len -= 1;
@@ -1163,6 +1165,8 @@
 size_t resid, todo, bytes;
 int error;
+ assert(len >= 1);
+
 /* Skip 'M' */
 data += 1;
 len -= 1;
@@ -1557,7 +1561,7 @@
 data += strlen("qThreadExtraInfo");
 len -= strlen("qThreadExtraInfo");
- if (*data != ',') {
+ if (len == 0 || *data != ',') {
 send_error(EINVAL);
 return;
 }
@@ -1608,7 +1612,7 @@
 case 'H': {
 int tid;
- if (data[1] != 'g' && data[1] != 'c') {
+ if (len < 2 || (data[1] != 'g' && data[1] != 'c')) {
 send_error(EINVAL);
 break;
 }
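Review bot: The added `assert(len >= 1)` before the 'm' skip is compiled out when NDEBUG is defined, and where it is compiled in it aborts the bhyve process (and the guest with it) on a packet supplied by the debugger peer, so it is not a runtime defense in either build. If the command dispatcher (outside this hunk) necessarily read data[0] to reach the 'm' handler, the assert is a legitimate invariant check and should say so, e.g. `/* Dispatcher already consumed data[0] == 'm'; packet is non-empty. */`; if that is not guaranteed, prefer `if (len < 1) { send_error(EINVAL); return; }`. Note that a bare "m" packet passes the assert and leaves len == 0 after `len -= 1`, so the address parsing that follows, outside the hunk, must tolerate empty input. The enclosing function starts and ends outside the hunk.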
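Review bot: The 'M' handler gets the same `assert(len >= 1)` as the 'm' handler, and the same caveat applies: an assert on a length derived from a packet received from the debugger is a crash trigger rather than an input check, and it disappears under NDEBUG. Unless the dispatcher (not visible here) already guarantees a non-empty packet, a `if (len < 1) { send_error(EINVAL); return; }` guard is the robust form; if it does guarantee it, a one-line comment next to the assert recording that fact would keep the next reader from "fixing" it. After `len -= 1` a bare "M" packet yields len == 0, so the address/length/data parsing that follows outside the hunk has to reject that case rather than read past data. The enclosing function starts and ends outside the hunk.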
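Review bot: The new `len == 0` guard in the qThreadExtraInfo path is only sound if `len` was at least strlen("qThreadExtraInfo") before the subtraction two lines above; `len` is an unsigned size, so if the prefix match above the hunk does not check the length itself, the subtraction wraps, `len == 0` never fires and `*data` reads past the packet. Worth confirming that the match is guarded by `len >= strlen("qThreadExtraInfo")` (I cannot see it from here), or hoisting the bound into this check: `if (len < strlen("qThreadExtraInfo") + 1 || data[strlen("qThreadExtraInfo")] != ',')` evaluated before the pointer and length are advanced. The thread-id parse after the comma lies outside the hunk and needs the same length-aware handling. The enclosing function starts and ends outside the hunk.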
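Review bot: `len < 2` in the 'H' case admits a bare "Hg" or "Hc" packet with no thread id, so whatever parses `data + 2` with `len - 2` after this check (outside the hunk) must handle an empty input explicitly rather than assume a further byte; if the handler requires a thread id, `len < 3` is the bound the command actually needs. Either way a short comment would save the next reader re-deriving the constant, e.g. `/* 'H' plus an op byte ('g' or 'c'); the thread id follows. */`. The enclosing switch and the case body continue past the hunk.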