diff --git a/hw/ide/atapi.c b/hw/ide/atapi.c
index 1b0f66cc089be5324ba073d73efc6128bf78ddd1..fc9dc87f0391395dc9a760d105ff23166b7f798e 100644
--- a/hw/ide/atapi.c
+++ b/hw/ide/atapi.c
@@ -300,6 +300,9 @@ void ide_atapi_cmd_reply_end(IDEState *s)
         s->packet_transfer_size -= size;
         s->elementary_transfer_size -= size;
         s->io_buffer_index += size;
+	if (s->io_buffer_index > s->io_buffer_total_len) {
+            return;
+        }
 
         /* Some adapters process PIO data right away.  In that case, we need
          * to avoid mutual recursion between ide_transfer_start