diff --git a/lib/bcoin/script.js b/lib/bcoin/script.js
index 60045a01..1617a245 100644
--- a/lib/bcoin/script.js
+++ b/lib/bcoin/script.js
@@ -2620,10 +2620,12 @@ Script.decode = function decode(buf) {
     if (b >= 0x01 && b <= 0x4b) {
       code.push(buf.slice(off, off + b));
       off += b;
-      utils.hidden(code[code.length - 1], 'pushdata', {
-        opcode: null,
-        len: b
-      });
+      if (off > buf.length) {
+        utils.hidden(code[code.length - 1], 'pushdata', {
+          opcode: null,
+          len: b
+        });
+      }
       continue;
     }
 
@@ -2647,28 +2649,34 @@ Script.decode = function decode(buf) {
       off += 1;
       code.push(buf.slice(off, off + len));
       off += len;
-      utils.hidden(code[code.length - 1], 'pushdata', {
-        opcode: opcode,
-        len: len
-      });
+      if (len <= 0x4b || off > buf.length) {
+        utils.hidden(code[code.length - 1], 'pushdata', {
+          opcode: opcode,
+          len: len
+        });
+      }
     } else if (opcode === 'pushdata2') {
       len = utils.readU16(buf, off);
       off += 2;
       code.push(buf.slice(off, off + len));
       off += len;
-      utils.hidden(code[code.length - 1], 'pushdata', {
-        opcode: opcode,
-        len: len
-      });
+      if (len <= 0xff || off > buf.length) {
+        utils.hidden(code[code.length - 1], 'pushdata', {
+          opcode: opcode,
+          len: len
+        });
+      }
     } else if (opcode === 'pushdata4') {
       len = utils.readU32(buf, off);
       off += 4;
       code.push(buf.slice(off, off + len));
       off += len;
-      utils.hidden(code[code.length - 1], 'pushdata', {
-        opcode: opcode,
-        len: len
-      });
+      if (len <= 0xffff || off > buf.length) {
+        utils.hidden(code[code.length - 1], 'pushdata', {
+          opcode: opcode,
+          len: len
+        });
+      }
     } else {
       code.push(opcode || b);
     }