diff --git a/epan/dissectors/packet-rtcp.c b/epan/dissectors/packet-rtcp.c
index 6d07153f1e..b059fbaf2a 100644
--- a/epan/dissectors/packet-rtcp.c
+++ b/epan/dissectors/packet-rtcp.c
@@ -2825,7 +2825,7 @@ dissect_rtcp_app( tvbuff_t *tvb,packet_info *pinfo, int offset, proto_tree *tree
 static int
 dissect_rtcp_bye( tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tree,
- unsigned int count )
+ unsigned int count, unsigned int packet_length )
 {
 unsigned int chunk;
 unsigned int reason_length = 0;
@@ -2839,7 +2839,7 @@ dissect_rtcp_bye( tvbuff_t *tvb, packet_info *pinfo, int offset, proto_tree *tre
 chunk++;
 }
- if ( tvb_reported_length_remaining( tvb, offset ) > 0 ) {
+ if (count * 4 < packet_length) {
 /* Bye reason consists of an 8 bit length l and a string with length l */
 reason_length = tvb_get_guint8( tvb, offset );
 proto_tree_add_item( tree, hf_rtcp_sdes_length, tvb, offset, 1, ENC_BIG_ENDIAN );
@@ -4279,7 +4279,7 @@ dissect_rtcp( tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U
 offset++;
 /* Packet length in 32 bit words MINUS one, 16 bits */
 offset = dissect_rtcp_length_field(rtcp_tree, tvb, offset);
- offset = dissect_rtcp_bye( tvb, pinfo, offset, rtcp_tree, elem_count );
+ offset = dissect_rtcp_bye( tvb, pinfo, offset, rtcp_tree, elem_count, packet_length-4 );
 break;
 case RTCP_APP: {
 /* Subtype, 5 bits */
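Review bot: The new `packet_length` parameter of dissect_rtcp_bye is undocumented, and its meaning is narrower than the name suggests. The caller in the third hunk passes `packet_length-4`, so inside this function it is the number of bytes after the 4-byte RTCP header, not the length of the whole packet. A comment above the signature would keep a later caller from passing the full length, for example `/* packet_length: bytes of this BYE packet after the common header (SSRC list plus optional reason) */`. The function body continues outside the hunk.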
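Review bot: The new guard `count * 4 < packet_length` only decides whether a reason field is present; the `reason_length` byte read just inside it is still not bounded by the declared packet. Both `count` and `packet_length` come from header fields of the packet being dissected, so a malformed BYE can declare a reason longer than `packet_length - count * 4 - 1`. The code that consumes `reason_length` is outside the hunk, but if it uses the value as is, the reason string and the returned offset would run into the next packet of the compound. Consider checking `if (reason_length > packet_length - count * 4 - 1)` after the read and flagging the packet as malformed instead of dissecting past its declared end. The SSRC loop that ends at the top of this hunk likewise appears to iterate `count` times without comparing `count * 4` to `packet_length`.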
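Review bot: `packet_length-4` at this call site would wrap to a very large value if `packet_length` is an unsigned type and can ever be below 4. That would make the `count * 4 < packet_length` test in dissect_rtcp_bye always true. The declaration and computation of `packet_length` are outside the hunk, so the minimum may already be guaranteed by how it is derived from the length field. If so, a short comment here would make the invariant visible, for example `/* packet_length includes the 4-byte header, so it is always >= 4 */`. Otherwise guard the subtraction before the call.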