diff --git a/plugins/ndpi/ndpi.c b/plugins/ndpi/ndpi.c
index 2a6024061a..ad6cd78b7d 100644
--- a/plugins/ndpi/ndpi.c
+++ b/plugins/ndpi/ndpi.c
@@ -181,11 +181,21 @@ static void OnThreadInit(ThreadVars *tv, void *_data)
 static int DetectnDPIProtocolPacketMatch(
 DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+ SCEnter();
+
 const Flow *f = p->flow;
+ if (f == NULL) {
+ SCLogDebug("packet %" PRIu64 ": no flow", p->pcap_cnt);
+ SCReturnInt(0);
+ }
+
 struct NdpiFlowContext *flowctx = FlowGetStorageById(f, flow_storage_id);
- const DetectnDPIProtocolData *data = (const DetectnDPIProtocolData *)ctx;
+ if (flowctx == NULL) {
+ SCLogDebug("packet %" PRIu64 ": no flowctx", PcapPacketCntGet(p));
+ SCReturnInt(0);
+ }

- SCEnter();
+ const DetectnDPIProtocolData *data = (const DetectnDPIProtocolData *)ctx;

 /* if the sig is PD-only we only match when PD packet flags are set */
 /*
@@ -201,11 +211,6 @@ static int DetectnDPIProtocolPacketMatch(
 SCReturnInt(0);
 }

- if (f == NULL) {
- SCLogDebug("packet %" PRIu64 ": no flow", p->pcap_cnt);
- SCReturnInt(0);
- }
-
 bool r = ndpi_is_proto_equals(flowctx->detected_l7_protocol.proto, data->l7_protocol, false);
 r = r ^ data->negated;
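Review bot: Both new early returns in DetectnDPIProtocolPacketMatch run before `r = r ^ data->negated` (visible in the following hunk), so a negated keyword will not match on a packet that has no flow or no nDPI flow storage. If that is the intended result, a comment on the guards would record it, e.g. `/* no flow or nDPI state: no match, also for negated rules */`; the same applies to DetectnDPIRiskPacketMatch in the third hunk. Separately, the two added debug lines read the packet counter differently, `p->pcap_cnt` in the first and `PcapPacketCntGet(p)` in the second, while the third hunk uses `p->pcap_cnt` for both; using one accessor throughout would keep the debug paths consistent. The function body continues past the end of this hunk.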
@@ -311,22 +316,27 @@ static void DetectnDPIProtocolFree(DetectEngineCtx *de_ctx, void *ptr)
 static int DetectnDPIRiskPacketMatch(
 DetectEngineThreadCtx *det_ctx, Packet *p, const Signature *s, const SigMatchCtx *ctx)
 {
+ SCEnter();
+
 const Flow *f = p->flow;
+ if (f == NULL) {
+ SCLogDebug("packet %" PRIu64 ": no flow", p->pcap_cnt);
+ SCReturnInt(0);
+ }
+
 struct NdpiFlowContext *flowctx = FlowGetStorageById(f, flow_storage_id);
- const DetectnDPIRiskData *data = (const DetectnDPIRiskData *)ctx;
+ if (flowctx == NULL) {
+ SCLogDebug("packet %" PRIu64 ": no flowctx", p->pcap_cnt);
+ SCReturnInt(0);
+ }

- SCEnter();
+ const DetectnDPIRiskData *data = (const DetectnDPIRiskData *)ctx;

 if (!flowctx->detection_completed) {
 SCLogDebug("packet %" PRIu64 ": ndpi risks not yet detected", p->pcap_cnt);
 SCReturnInt(0);
 }

- if (f == NULL) {
- SCLogDebug("packet %" PRIu64 ": no flow", p->pcap_cnt);
- SCReturnInt(0);
- }
-
 bool r = ((flowctx->ndpi_flow->risk & data->risk_mask) == data->risk_mask);
 r = r ^ data->negated;
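Review bot: The context line `bool r = ((flowctx->ndpi_flow->risk & data->risk_mask) == data->risk_mask);` still dereferences `flowctx->ndpi_flow` without a check, while the new guards cover only `f` and `flowctx`. If the flow storage can exist with `ndpi_flow` unset (the allocation and free paths are not visible here), the second guard could be widened to `if (flowctx == NULL || flowctx->ndpi_flow == NULL) {`. The `detection_completed` test may already imply a valid pointer; if so, a one-line comment stating that invariant next to the dereference would make it reviewable. The function body continues past the end of this hunk.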