diff --git a/lib11sht.c b/lib11sht.c
index 0790014..048864d 100644
--- a/lib11sht.c
+++ b/lib11sht.c
@@ -17,7 +17,7 @@
 /* Internal helpers — kept private to this translation unit. */
 static int   uselesschar(int c);
 static void  trim(char *s);
-static void  asciify(const char *src, char *dest);
+static void  asciify(const char *src, char *dest, size_t dest_size);
 static int   ulen(unsigned char c);
 static float shit11(char *s1, char *s2);
 static float fmin3(float a, float b, float c);
@@ -57,8 +57,8 @@ int sequal_full(char *a, char *b, float shold, float *ratio, char *s1, char *s2)
     }
 
     /* remove accents */
-    asciify(a, s1);
-    asciify(b, s2);
+    asciify(a, s1, LEVN_SBUFF);
+    asciify(b, s2, LEVN_SBUFF);
 
     /* trim spaces (leading, trailing, and internal collapse) */
     trim(s1);
@@ -192,7 +192,7 @@ static int ulen(unsigned char c)
 }
 
 /* ---------------------------------------------------------------------- */
-static void asciify(const char *src, char *dest)
+static void asciify(const char *src, char *dest, size_t dest_size)
 {
     int len, i, k, j, found;
     char ch[5]; /* UTF8 multibyte char */
@@ -210,7 +210,7 @@ static void asciify(const char *src, char *dest)
         "ª","º","Ç","ç","Ñ", "ñ","¹","²","³",
         "\xC2\xA0"};                    /* NBSP */
 
-    if(!src || !dest)
+    if(!src || !dest || dest_size == 0)
         return;
     if(*src=='\0')
     {
@@ -219,7 +219,8 @@ static void asciify(const char *src, char *dest)
     }
 
     j=i=0;
-    while(src[i]!='\0' && i < LEVN_SBUFF)
+    /* leave room for the final NUL: writes capped at dest_size-1 */
+    while(src[i]!='\0' && i < LEVN_SBUFF && j < (int)dest_size - 1)
     {
         if(((unsigned char)src[i] & 0xc0) == 0x80) /* non ASCII, UTF continuation char */
         {