diff --git a/src/varint.rs b/src/varint.rs
index 7c48d7c..875d865 100644
--- a/src/varint.rs
+++ b/src/varint.rs
@@ -140,8 +140,12 @@ impl VarInt for u64 {
             result |= (msb_dropped as u64) << shift;
             shift += 7;
 
-            if b & MSB == 0 || shift > (9 * 7) {
-                success = b & MSB == 0;
+            if shift > (9 * 7) {
+                // BUGIFX: this check is required to ensure that we actually return `None` when `src` has a value that would overflow `u64`.
+                success = *b < 2;
+                break;
+            } else if b & MSB == 0 {
+                success = true;
                 break;
             }
         }
diff --git a/src/varint_tests.rs b/src/varint_tests.rs
index c4a0928..bb5ea01 100644
--- a/src/varint_tests.rs
+++ b/src/varint_tests.rs
@@ -50,6 +50,12 @@ mod tests {
         );
     }
 
+    #[test]
+    fn test_decode_max_u64_plus_one() {
+        let max_vec_encoded = vec![0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x02];
+        assert!(u64::decode_var(max_vec_encoded.as_slice()).is_none());
+    }
+
     #[test]
     fn test_encode_i64() {
         assert_eq!((0 as i64).encode_var_vec(), (0 as u32).encode_var_vec());