diff --git a/CHANGES b/CHANGES
index ea4cdd111..ae0e96536 100644
--- a/CHANGES
+++ b/CHANGES
@@ -35,6 +35,7 @@ Bugfixes:
  - Qt: Fix maximum year in sensor override
  - GBA: Cap audio FIFO read size during deserialization
  - GBA: Check for corrupted savestates when loading
+ - GBA: Check for improperly sized savestates when loading
 Misc:
  - Qt: Handle saving input settings better
  - Debugger: Free watchpoints in addition to breakpoints
diff --git a/src/gba/serialize.c b/src/gba/serialize.c
index fdcd85116..030a7d08b 100644
--- a/src/gba/serialize.c
+++ b/src/gba/serialize.c
@@ -264,6 +264,9 @@ bool GBALoadStateNamed(struct GBA* gba, struct VFile* vf) {
 		return _loadPNGState(gba, vf);
 	}
 #endif
+	if (vf->size(vf) < (ssize_t) sizeof(struct GBASerializedState)) {
+		return false;
+	}
 	struct GBASerializedState* state = vf->map(vf, sizeof(struct GBASerializedState), MAP_READ);
 	if (!state) {
 		return false;
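Review bot: The new size guard in GBALoadStateNamed carries no comment, and both the reason it must sit before vf->map and the reason for the `(ssize_t)` cast deserve one, since a later cleanup that drops the cast would silently break it: comparing a negative ssize_t against a plain size_t converts the negative value to a huge unsigned one and the check would stop rejecting. I'd add above the `if`: `// Reject files shorter than the fixed state before mapping sizeof(struct GBASerializedState) bytes; the cast keeps a negative (error) size() result on the rejecting side of the comparison`. Whether a short map would actually fault or hand out bytes past the end depends on the VFile backend, which is not visible here, so the comment should stay at "reject before mapping" rather than describe the failure mode. Oversized files still pass the `<` test, which looks intended if data may follow the fixed state; if that is not the case, `!=` would be the stricter check, but I would confirm against the save path first. The rest of GBALoadStateNamed lies outside the hunk.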