diff --git a/src/wasm-interpreter.h b/src/wasm-interpreter.h
index 5ae570437ed..a8033a8fca5 100644
--- a/src/wasm-interpreter.h
+++ b/src/wasm-interpreter.h
@@ -2415,6 +2415,9 @@ class ExpressionRunner : public OverriddenVisitor {
 trap("null ref");
 }
 size_t indexVal = index.getSingleValue().getUnsigned();
+ if (indexVal >= data->values.size()) {
+ trap("array oob");
+ }
 auto& field = data->values[indexVal];
 auto oldVal = field;
 auto newVal = value.getSingleValue();
@@ -2451,6 +2454,9 @@ class ExpressionRunner : public OverriddenVisitor {
 trap("null ref");
 }
 size_t indexVal = index.getSingleValue().getUnsigned();
+ if (indexVal >= data->values.size()) {
+ trap("array oob");
+ }
 auto& field = data->values[indexVal];
 auto oldVal = field;
 if (field == expected.getSingleValue()) {
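Review bot: The added guard carries no comment saying why a trap, rather than an assertion, is the required outcome, and since `indexVal` comes straight from the module being executed this is the kind of line a later refactor could "tidy" into an assert; I would add `// The index is module-controlled: an out-of-range value must become a wasm trap, never an unchecked index into values.` above each new `if`. The same three lines, preceded by the identical null-ref check and index extraction, now appear verbatim in both hunks, so a small helper that performs the null check and bounds check and returns a reference to the element would remove the duplication and keep the two paths from drifting apart again. Both enclosing methods begin and end outside the hunks, so whether `data->values` is indexed anywhere else in them without this check is not visible here and is worth confirming.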