diff --git a/server-esc.c b/server-esc.c
index 3616f67..bae7b8f 100644
--- a/server-esc.c
+++ b/server-esc.c
@@ -333,7 +333,7 @@ static void perform_log_replay(obj_t *client)
         p = logfile->bufInPtr - n;
         if (p >= logfile->buf) {        /* no wrap needed */
             memcpy(ptr, p, n);
-            ptr += n;
+            ptr =  (ptr - buf + n > MAX_BUF_SIZE - 1 ? buf + MAX_BUF_SIZE - 1 : ptr + n);
         }
         else {                          /* wrap backwards */
             m = logfile->buf - p;
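Review bot: The clamp on the new `ptr = ...` line runs after `memcpy(ptr, p, n)`, so if `n` is larger than the space left in `buf`, the copy has already written past the end before `ptr` is pulled back. How `n` is chosen is above this hunk, so it may already be bounded, but if it is not, the bound belongs before `p = logfile->bufInPtr - n;`, e.g. `if (n > &buf[sizeof(buf)] - 1 - ptr) n = &buf[sizeof(buf)] - 1 - ptr;`, after which a plain `ptr += n;` is safe. The wrap-backwards branch starts on the last lines of this hunk and continues outside it; it presumably advances `ptr` the same way and would need the same bound. Using `sizeof(buf)` here, as the rest of the function does, rather than `MAX_BUF_SIZE` keeps the two from drifting apart.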
@@ -351,6 +351,9 @@ static void perform_log_replay(obj_t *client)
          *    for this string.  We could get away with just sprintf() here.
          */
         len = &buf[sizeof(buf)] - ptr;
+        if( len > sizeof(buf) - 1 ) {  /* Ensure buffer overflow cannot happen */
+                len = sizeof(buf) - 1;
+        }
         n = snprintf((char *) ptr, len, "%sEnd log replay of console [%s]%s",
             CONMAN_MSG_PREFIX, console->name, CONMAN_MSG_SUFFIX);
         assert((n >= 0) && (n < len));
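Review bot: The added check caps `len` from above, but the case that leads to an overflow is the opposite one, where `ptr` is at or past `&buf[sizeof(buf)]` and `len` is zero or negative. If `len` is a signed `int` (its declaration is outside the hunk), `len > sizeof(buf) - 1` converts a negative `len` to a very large unsigned value, the branch is taken, and `snprintf` is told it has `sizeof(buf) - 1` bytes at a pointer already beyond the buffer. A guard on the remaining space is needed instead, e.g. `if (ptr >= &buf[sizeof(buf)]) return;` before `len` is computed, or the function's usual error path. The `assert((n >= 0) && (n < len))` that follows is compiled out under `NDEBUG`, so a truncated `snprintf` result should also be handled by a runtime check before `n` is used.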