diff --git a/srtcore/buffer.cpp b/srtcore/buffer.cpp
index 5a756792e..db3102e7a 100644
--- a/srtcore/buffer.cpp
+++ b/srtcore/buffer.cpp
@@ -522,8 +522,15 @@ int CSndBuffer::readData(const int offset, srt::CPacket& w_packet, steady_clock:
 
     // XXX Suboptimal procedure to keep the blocks identifiable
     // by sequence number. Consider using some circular buffer.
-    for (int i = 0; i < offset; ++i)
+    for (int i = 0; i < offset && p != m_pLastBlock; ++i)
+    {
         p = p->m_pNext;
+    }
+    if (p == m_pLastBlock)
+    {
+        LOGC(qslog.Error, log << "CSndBuffer::readData: offset " << offset << " too large!");
+        return 0;
+    }
 #if ENABLE_HEAVY_LOGGING
     const int32_t first_seq = p->m_iSeqNo;
     int32_t last_seq = p->m_iSeqNo;
@@ -550,7 +557,7 @@ int CSndBuffer::readData(const int offset, srt::CPacket& w_packet, steady_clock:
         w_msglen      = 1;
         p             = p->m_pNext;
         bool move     = false;
-        while (msgno == p->getMsgSeq())
+        while (p != m_pLastBlock && msgno == p->getMsgSeq())
         {
 #if ENABLE_HEAVY_LOGGING
             last_seq = p->m_iSeqNo;
diff --git a/srtcore/buffer.h b/srtcore/buffer.h
index 9a92e25b0..f69bef1d9 100644
--- a/srtcore/buffer.h
+++ b/srtcore/buffer.h
@@ -153,7 +153,7 @@ class CSndBuffer
     /// @param [out] msgno message number of the packet.
     /// @param [out] origintime origin time stamp of the message
     /// @param [out] msglen length of the message
-    /// @return Actual length of data read.
+    /// @return Actual length of data read (return 0 if offset too large, -1 if TTL exceeded).
     int readData(const int offset, srt::CPacket& w_packet, time_point& w_origintime, int& w_msglen);
 
     /// Get the time of the last retransmission (if any) of the DATA packet.
diff --git a/srtcore/core.cpp b/srtcore/core.cpp
index 1e9d2f052..826e9c18d 100644
--- a/srtcore/core.cpp
+++ b/srtcore/core.cpp
@@ -8882,7 +8882,6 @@ int srt::CUDT::packLostData(CPacket& w_packet, steady_clock::time_point& w_origi
         int msglen;
 
         const int payload = m_pSndBuffer->readData(offset, (w_packet), (w_origintime), (msglen));
-        SRT_ASSERT(payload != 0);
         if (payload == -1)
         {
             int32_t seqpair[2];
@@ -8903,12 +8902,6 @@ int srt::CUDT::packLostData(CPacket& w_packet, steady_clock::time_point& w_origi
 
             continue;
         }
-        // NOTE: This is just a sanity check. Returning 0 is impossible to happen
-        // in case of retransmission. If the offset was a positive value, then the
-        // block must exist in the old blocks because it wasn't yet cut off by ACK
-        // and has been already recorded as sent (otherwise the peer wouldn't send
-        // back the loss report). May something happen here in case when the send
-        // loss record has been updated by the FASTREXMIT.
         else if (payload == 0)
             continue;