diff --git a/CHANGES b/CHANGES
index d2e213473..ad25a4b18 100644
--- a/CHANGES
+++ b/CHANGES
@@ -37,6 +37,7 @@ Bugfixes:
 - Debugger: Fix use-after-free in breakpoint clearing code
 - Util: Fix resource leak in UTF-8 handling code
 - VFS: Fix resource leaks if some allocations fail
+ - Debugger: Fix boundary conditions in tab completion
 Misc:
 - Qt: Show multiplayer numbers in window title
 - Qt: Handle saving input settings better
diff --git a/src/debugger/cli-debugger.c b/src/debugger/cli-debugger.c
index 03f4fb279..60b75a32d 100644
--- a/src/debugger/cli-debugger.c
+++ b/src/debugger/cli-debugger.c
@@ -817,7 +817,7 @@ static unsigned char _tabComplete(EditLine* elstate, int ch) {
 }
 const char* commandPtr;
- int cmd = 0, len = 0;
+ size_t cmd = 0, len = 0;
 const char* name = 0;
 for (commandPtr = li->buffer; commandPtr <= li->cursor; ++commandPtr, ++len) {
 for (; (name = _debuggerCommands[cmd].name); ++cmd) {
@@ -833,7 +833,7 @@ static unsigned char _tabComplete(EditLine* elstate, int ch) {
 if (!name) {
 return CC_ERROR;
 }
- if (_debuggerCommands[cmd + 1].name && name[len - 2] == _debuggerCommands[cmd + 1].name[len - 2]) {
+ if (_debuggerCommands[cmd + 1].name && strlen(_debuggerCommands[cmd + 1].name) >= len - 1 && name[len - 2] == _debuggerCommands[cmd + 1].name[len - 2]) {
 --len;
 const char* next = 0;
 int i;
@@ -843,6 +843,9 @@ static unsigned char _tabComplete(EditLine* elstate, int ch) {
 }
 next = _debuggerCommands[i].name;
 }
+ if (!next) {
+ return CC_ERROR;
+ }
 for (; name[len]; ++len) {
 if (name[len] != next[len]) {
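Review bot: `name[len - 2]` in the rewritten condition of the -833 hunk is still unguarded for `len < 2`. With `len` now declared `size_t` in the -817 hunk, `len - 2` wraps to a very large index when `len` is 1, and the added `strlen(...) >= len - 1` test passes trivially because `len - 1` is 0. Judging by the loop header `commandPtr <= li->cursor; ++commandPtr, ++len`, `len` appears to end at 1 when the cursor sits at the start of a non-empty line, but the loop body lies between the hunks, so this should be confirmed. Putting `len >= 2 &&` at the front of the condition closes that case. The function starts and ends outside the hunk.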
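Review bot: The new `if (!next)` guard in the -843 hunk has no comment saying why `next` can still be null at this point, and the surrounding lines do not make it obvious. It protects the `next[len]` read in the loop that follows. Presumably `next` stays null when the scan above stops on its first candidate, but the head of that loop is outside the hunk. I would add `/* No later command matches the shortened prefix; nothing to compare against */` above the check. Separately, `int i` in the previous hunk's context now sits next to a `size_t cmd`, so declaring it `size_t` would keep the index types consistent.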