diff --git a/src/read.c b/src/read.c
index cf3e5e38fc..0253269722 100644
--- a/src/read.c
+++ b/src/read.c
@@ -1534,9 +1534,15 @@ static avifResult avifDecoderItemRead(avifDecoderItem * item,
             item->mergedExtents.size = bytesToRead;
         } else {
             AVIF_ASSERT_OR_RETURN(item->ownsMergedExtents);
-            AVIF_ASSERT_OR_RETURN(front);
-            memcpy(front, offsetBuffer.data, bytesToRead);
-            front += bytesToRead;
+
+            size_t writeOffset = (size_t)(front - item->mergedExtents.data);
+
+            AVIF_ASSERT_OR_RETURN(writeOffset < item->mergedExtents.size);
+            AVIF_ASSERT_OR_RETURN(bytesToRead <= item->mergedExtents.size - writeOffset);
+
+            uint8_t *dst = item->mergedExtents.data + writeOffset;
+            memcpy(dst, offsetBuffer.data, bytesToRead);
+            writeOffset += bytesToRead;
         }
 
         remainingBytes -= bytesToRead;