diff --git a/lib/roles/ws/ext/extension-permessage-deflate.c b/lib/roles/ws/ext/extension-permessage-deflate.c
index 79c70ea955386ea16f5fcde56c44355afe134c7f..2855f78b41c8de45010704276d89f09baa28d768 100644
--- a/lib/roles/ws/ext/extension-permessage-deflate.c
+++ b/lib/roles/ws/ext/extension-permessage-deflate.c
@@ -308,6 +308,12 @@ lws_extension_callback_pm_deflate(struct lws_context *context,
 * track how much input was used, and advance it */
+ /* COV says we can overflow if "eb_in.len == 0 and rx->avail_in == 4" */
+ if ((unsigned int)priv->rx.avail_in > (unsigned int)pmdrx->eb_in.len) {
+ lwsl_wsi_err(wsi, "rx buffer underflow");
+ return PMDR_FAILED;
+ }
+
 pmdrx->eb_in.token = pmdrx->eb_in.token + ((unsigned int)pmdrx->eb_in.len - (unsigned int)priv->rx.avail_in);
 pmdrx->eb_in.len = (int)priv->rx.avail_in;
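Review bot: The new guard compares `(unsigned int)priv->rx.avail_in` with `(unsigned int)pmdrx->eb_in.len`, so a negative `eb_in.len` would convert to a large unsigned value, pass the check, and still let the subtraction below move `eb_in.token` far outside the buffer. The `(int)` cast in the final assignment suggests `len` is a signed int; unless something earlier in the function rules out a negative value, the condition should read `if (pmdrx->eb_in.len < 0 || (unsigned int)priv->rx.avail_in > (unsigned int)pmdrx->eb_in.len) {`. The comment would also hold up better if it stated the invariant rather than the scanner finding, e.g. `/* avail_in must never exceed eb_in.len, or the unsigned subtraction below wraps and eb_in.token is advanced out of bounds */`, and the log text "rx buffer underflow" could describe the same condition. lws_extension_callback_pm_deflate starts and ends outside this hunk, so whether `avail_in` can legitimately refer to a buffer other than `eb_in` at this point cannot be confirmed from the diff.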