diff --git a/upb/message/test.cc b/upb/message/test.cc
index be3d54e5f8..e0f439ce08 100644
--- a/upb/message/test.cc
+++ b/upb/message/test.cc
@@ -590,4 +590,10 @@ TEST(MessageTest, MapField) {
 // 901979906, 65537);
 // }
 //
+// // This test encodes a map field with extra cruft.
+// TEST(FuzzTest, DecodeEncodeArbitrarySchemaAndPayloadRegressionInvalidMap) {
+// DecodeEncodeArbitrarySchemaAndPayload({{"%%%%///////"}, {}, "", {}},
+// std::string("\035|", 2), 65536, 3);
+// }
+//
 // end:google_only
diff --git a/upb/mini_table/decode.c b/upb/mini_table/decode.c
index a36d3c501c..a34b387557 100644
--- a/upb/mini_table/decode.c
+++ b/upb/mini_table/decode.c
@@ -693,6 +693,21 @@ static void upb_MtDecoder_ParseMap(upb_MtDecoder* d, const char* data,
 }
 upb_MtDecoder_ParseMessage(d, data, len);
+ if (UPB_UNLIKELY(d->table->field_count != 2)) {
+ upb_MtDecoder_ErrorFormat(d, "%hu fields in map", d->table->field_count);
+ UPB_UNREACHABLE();
+ }
+ if (UPB_UNLIKELY(d->table->fields[0].number != 1)) {
+ upb_MtDecoder_ErrorFormat(d, "field %d in map key",
+ d->table->fields[0].number);
+ UPB_UNREACHABLE();
+ }
+ if (UPB_UNLIKELY(d->table->fields[1].number != 2)) {
+ upb_MtDecoder_ErrorFormat(d, "field %d in map val",
+ d->table->fields[1].number);
+ UPB_UNREACHABLE();
+ }
+ upb_MtDecoder_AssignHasbits(d->table);
 // Map entries have a pre-determined layout, regardless of types.
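Review bot: The regression test for the invalid-map input is added entirely as `//`-commented lines ahead of `// end:google_only`, so as shown here nothing in this tree compiles or runs it. The three new rejection branches in upb/mini_table/decode.c therefore land without active coverage in this diff. An enabled test that feeds the decoder a map-entry descriptor with a field count other than 2, and with key/value numbers other than 1 and 2, and expects a decode failure would pin each branch separately.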
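Review bot: The three new checks in upb_MtDecoder_ParseMap carry no comment saying which assumption they protect, and the two field-number messages print `fields[N].number` with `%d`. Judging by the context comment that follows them, the later code gives entries 0 and 1 a fixed layout, so a why-comment above the first `if` such as `// A map entry must have exactly two fields, key = 1 and value = 2; the fixed layout below indexes fields[0] and fields[1].` would make clear that the count check has to stay ahead of the two indexed reads. If `number` is an unsigned 32-bit member (its declaration is not in this hunk), `%d` should become `%u` or `"%" PRIu32` so that a large number from a malformed descriptor is not reported as negative. The function body starts and ends outside the hunk.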