diff --git a/libavcodec/h264.c b/libavcodec/h264.c
index 822a20f6ce..f34bf2c5e2 100644
--- a/libavcodec/h264.c
+++ b/libavcodec/h264.c
@@ -7210,8 +7210,9 @@ static inline int decode_seq_parameter_set(H264Context *h){
     }
 
     tmp= get_ue_golomb(&s->gb);
-    if(tmp > MAX_PICTURE_COUNT-2){
+    if(tmp > MAX_PICTURE_COUNT-2 || tmp >= 32){
         av_log(h->s.avctx, AV_LOG_ERROR, "too many reference frames\n");
+        return -1;
     }
     sps->ref_frame_count= tmp;
     sps->gaps_in_frame_num_allowed_flag= get_bits1(&s->gb);