diff --git a/src/value-serializer.cc b/src/value-serializer.cc
index e6946de8e2..c545b245cd 100644
--- a/src/value-serializer.cc
+++ b/src/value-serializer.cc
@@ -1473,10 +1473,8 @@ MaybeHandle ValueDeserializer::ReadDenseJSArray() {
       // hole. Past version 11, undefined means undefined.
       if (version_ < 11 && element->IsUndefined(isolate_)) continue;
-      // Make sure elements is still large enough.
-      if (i >= static_cast(elements->length())) {
-        return MaybeHandle();
-      }
+      // Safety check.
+      CHECK_LT(i, static_cast(elements->length()));
       elements->set(i, *element);
     }
diff --git a/test/unittests/value-serializer-unittest.cc b/test/unittests/value-serializer-unittest.cc
index b9a7af3a6b..370dc727c6 100644
--- a/test/unittests/value-serializer-unittest.cc
+++ b/test/unittests/value-serializer-unittest.cc
@@ -1870,6 +1870,22 @@ TEST_F(ValueSerializerTest, DecodeDataView) {
   ExpectScriptTrue("Object.getPrototypeOf(result) === DataView.prototype");
 }
 
+TEST_F(ValueSerializerTest, DecodeArrayWithLengthProperty1) {
+  Local value = DecodeTest(
+      {0xff, 0x0d, 0x41, 0x03, 0x49, 0x02, 0x49, 0x04, 0x49, 0x06, 0x22, 0x06,
+       0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x49, 0x02, 0x24, 0x01, 0x03});
+  ASSERT_TRUE(value->IsArray());
+  EXPECT_EQ(1u, Local::Cast(value)->Length());
+}
+
+TEST_F(ValueSerializerTest, DecodeArrayWithLengthProperty2) {
+  ASSERT_DEATH_IF_SUPPORTED(
+      DecodeTest({0xff, 0x0d, 0x41, 0x03, 0x49, 0x02, 0x49, 0x04,
+                 0x49, 0x06, 0x22, 0x06, 0x6c, 0x65, 0x6e, 0x67,
+                 0x74, 0x68, 0x6f, 0x7b, 0x00, 0x24, 0x01, 0x03}),
+      ".*AllowJavascriptExecution::IsAllowed.*");
+}
+
 TEST_F(ValueSerializerTest, DecodeInvalidDataView) {
   // Byte offset out of range.
   InvalidDecodeTest(
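Review bot: The new comment `// Safety check.` on the CHECK_LT line does not say why a bounds condition that used to be a graceful `return MaybeHandle()` is now a fatal invariant, and in a deserializer that consumes untrusted bytes that distinction matters: a CHECK that can be reached by malformed input is a remotely triggerable crash, whereas one that only guards an internal invariant is acceptable. The accompanying test expects a death inside `AllowJavascriptExecution::IsAllowed`, which suggests the argument is that no script can run while this loop executes, so `elements` can no longer shrink underneath it; that reasoning belongs next to the check, e.g. `// elements cannot shrink mid-loop: script execution is disallowed during deserialization, so an out-of-range index here is an internal invariant violation, not malformed input.` (hedged — confirm that the no-script guarantee covers every path that reaches this loop, including versions < 11). The `static_cast(...)` calls appear to have lost their template argument in rendering; the underlying source presumably still spells it out. ReadDenseJSArray begins and ends outside this hunk.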
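Review bot: Both new tests hand DecodeTest an opaque byte string with no comment saying what it encodes, so a reader cannot tell which regression they pin without decoding the wire format by hand; the bytes `0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68` spell "length" and the trailing `0x03` matches the declared array length `0x41, 0x03`, so each test should carry a one-line comment such as `// Dense array of length 3 whose trailing property list sets "length" to a smaller value; the array must come out with that length, not crash.` for the first and, for the second, a note that the "length" property value is an object whose coercion would require running script, which the deserializer must refuse. The names `DecodeArrayWithLengthProperty1`/`2` hide the same intent; names like `DecodeArrayWithTruncatingLengthProperty` and `DecodeArrayWithLengthPropertyRequiringScriptDies` would make the expected outcome visible in the test list. The death-test regex `.*AllowJavascriptExecution::IsAllowed.*` couples the test to a specific checker name; that is acceptable here but worth a comment since a rename of that guard would silently turn this into a failing test rather than a missed regression.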