diff --git a/src/jdk.jdeps/share/classes/com/sun/tools/classfile/ClassReader.java b/src/jdk.jdeps/share/classes/com/sun/tools/classfile/ClassReader.java
index 8102a7dee8b..6511d0f905c 100644
--- a/src/jdk.jdeps/share/classes/com/sun/tools/classfile/ClassReader.java
+++ b/src/jdk.jdeps/share/classes/com/sun/tools/classfile/ClassReader.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2008, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -56,6 +56,15 @@ public class ClassReader {
     public Attribute readAttribute() throws IOException {
         int name_index = readUnsignedShort();
         int length = readInt();
+        if (length < 0) { // we have an overflow as max_value(u4) > max_value(int)
+            String attrName;
+            try {
+                attrName = getConstantPool().getUTF8Value(name_index);
+            } catch (ConstantPool.InvalidIndex | ConstantPool.UnexpectedEntry e) {
+                attrName = "";
+            }
+            throw new FatalError(String.format("attribute %s too big to handle", attrName));
+        }
         byte[] data = new byte[length];
         readFully(data);
 
diff --git a/src/jdk.jdeps/share/classes/com/sun/tools/classfile/FatalError.java b/src/jdk.jdeps/share/classes/com/sun/tools/classfile/FatalError.java
new file mode 100644
index 00000000000..1f7ad56ef9d
--- /dev/null
+++ b/src/jdk.jdeps/share/classes/com/sun/tools/classfile/FatalError.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package com.sun.tools.classfile;
+
+/**
+ *  <p><b>This is NOT part of any supported API.
+ *  If you write code that depends on this, you do so at your own risk.
+ *  This code and its internal interfaces are subject to change or
+ *  deletion without notice.</b>
+ */
+public class FatalError extends Error {
+    private static final long serialVersionUID = 8114054446416187030L;
+
+    FatalError(String message) {
+        super(message);
+    }
+}
diff --git a/src/jdk.jdeps/share/classes/com/sun/tools/javap/JavapTask.java b/src/jdk.jdeps/share/classes/com/sun/tools/javap/JavapTask.java
index e446de3d4e7..fc511a2e25c 100644
--- a/src/jdk.jdeps/share/classes/com/sun/tools/javap/JavapTask.java
+++ b/src/jdk.jdeps/share/classes/com/sun/tools/javap/JavapTask.java
@@ -632,6 +632,13 @@ public class JavapTask implements DisassemblerTool.DisassemblerTask, Messages {
             } catch (OutOfMemoryError e) {
                 reportError("err.nomem");
                 result = EXIT_ERROR;
+            } catch (FatalError e) {
+                Object msg = e.getLocalizedMessage();
+                if (msg == null) {
+                    msg = e;
+                }
+                reportError("err.fatal.err", msg);
+                result = EXIT_ERROR;
             } catch (Throwable t) {
                 StringWriter sw = new StringWriter();
                 PrintWriter pw = new PrintWriter(sw);
diff --git a/src/jdk.jdeps/share/classes/com/sun/tools/javap/resources/javap.properties b/src/jdk.jdeps/share/classes/com/sun/tools/javap/resources/javap.properties
index e406d9c82e5..d1eced3174f 100644
--- a/src/jdk.jdeps/share/classes/com/sun/tools/javap/resources/javap.properties
+++ b/src/jdk.jdeps/share/classes/com/sun/tools/javap/resources/javap.properties
@@ -46,6 +46,7 @@ err.nomem=Insufficient memory. To increase memory use -J-Xmx option.
 err.cant.find.module=Cannot find module {0}
 err.cant.find.module.ex=Problem finding module {0}: {1}
 err.only.for.launcher=This option can only be used when invoking javap from the command-line launcher.
+err.fatal.err=Fatal error: {0}
 
 main.usage.summary=\
 Usage: {0} <options> <classes>\n\
diff --git a/test/langtools/tools/javap/attribute_length/AttributeLengthTest.java b/test/langtools/tools/javap/attribute_length/AttributeLengthTest.java
new file mode 100644
index 00000000000..ff6f5456351
--- /dev/null
+++ b/test/langtools/tools/javap/attribute_length/AttributeLengthTest.java
@@ -0,0 +1,53 @@
+/*
+ * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/* @test
+ * @bug 8230918
+ * @summary j.l.NASE in javap
+ * @modules jdk.jdeps/com.sun.tools.javap
+ * @compile JavapBug.jcod
+ * @run main AttributeLengthTest
+ */
+
+import java.io.*;
+
+
+import java.util.*;
+import java.util.Properties;
+
+public class AttributeLengthTest {
+    public static void main(String... args) throws Exception {
+        String testClasses = System.getProperty("test.classes");
+        String fileSep = System.getProperty("file.separator");
+
+        String[] opts = { "-v", testClasses + fileSep + "JavapBug.class" };
+        StringWriter sw = new StringWriter();
+        PrintWriter pout = new PrintWriter(sw);
+
+        com.sun.tools.javap.Main.run(opts, pout);
+        pout.flush();
+        if (sw.getBuffer().indexOf("Error: Fatal error: attribute Code too big to handle") == -1) {
+            throw new Exception("unexpected javap output");
+        }
+    }
+}
diff --git a/test/langtools/tools/javap/attribute_length/JavapBug.jcod b/test/langtools/tools/javap/attribute_length/JavapBug.jcod
new file mode 100644
index 00000000000..d5cf3986482
--- /dev/null
+++ b/test/langtools/tools/javap/attribute_length/JavapBug.jcod
@@ -0,0 +1,62 @@
+class JavapBug {
+  0xCAFEBABE;
+  0; // minor version
+  60; // version
+  [13] { // Constant Pool
+    ; // first element is empty
+    Method #2 #3; // #1     at 0x0A
+    class #4; // #2     at 0x0F
+    NameAndType #5 #6; // #3     at 0x12
+    Utf8 "java/lang/Object"; // #4     at 0x17
+    Utf8 "<init>"; // #5     at 0x2A
+    Utf8 "()V"; // #6     at 0x33
+    class #8; // #7     at 0x39
+    Utf8 "JavapBug"; // #8     at 0x3C
+    Utf8 "Code"; // #9     at 0x47
+    Utf8 "LineNumberTable"; // #10     at 0x4E
+    Utf8 "SourceFile"; // #11     at 0x60
+    Utf8 "JavapBug.java"; // #12     at 0x6D
+  } // Constant Pool
+
+  0x0020; // access [ ACC_SUPER ]
+  #7;// this_cpx
+  #2;// super_cpx
+
+  [0] { // Interfaces
+  } // Interfaces
+
+  [0] { // Fields
+  } // Fields
+
+  [1] { // Methods
+    {  // method at 0x89
+      0x0000; // access
+      #5; // name_index       : <init>
+      #6; // descriptor_index : ()V
+      [1] { // Attributes
+        Attr(#9, 2147483648) { // Code at 0x91
+          1; // max_stack
+          1; // max_locals
+          Bytes[5]{
+            0x2AB70001B1;
+          }
+          [0] { // Traps
+          } // end Traps
+          [1] { // Attributes
+            Attr(#10, 6) { // LineNumberTable at 0xA8
+              [1] { // line_number_table
+                0  1; //  at 0xB4
+              }
+            } // end LineNumberTable
+          } // Attributes
+        } // end Code
+      } // Attributes
+    }
+  } // Methods
+
+  [1] { // Attributes
+    Attr(#11, 2) { // SourceFile at 0xB6
+      #12;
+    } // end SourceFile
+  } // Attributes
+} // end class JavapBug