diff --git a/src/trees-ostream.c b/src/trees-ostream.c
index ebe8ca6484a399dcd3725651dc74b2fbcce624d9..c2b3a66681c4d2ed33150e4d7656000255345523 100644
--- a/src/trees-ostream.c
+++ b/src/trees-ostream.c
@@ -20,7 +20,6 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-#include <assert.h>
 #include <arpa/inet.h>
 #include <string.h>
 
@@ -84,11 +83,15 @@ trees_ostream_send_chunk(struct trees_ostream *sstream,
                          const unsigned char *chunk, size_t chunk_size)
 {
   ssize_t ret;
-  /* Extra protection here against overflow. Maybe too agressive! */
-  assert(chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES));
   size_t ciphertext_len = crypto_box_SEALBYTES + chunk_size;
   unsigned char ciphertext[ciphertext_len];
 
+  /* Extra protection here against overflow. */
+  if (chunk_size < (SSIZE_MAX - crypto_box_SEALBYTES)) {
+    sstream->ostream.ostream.stream_errno = EIO;
+    goto err;
+  }
+
   sodium_memzero(ciphertext, sizeof(ciphertext));
   ret = crypto_box_seal(ciphertext, chunk, chunk_size,
                         sstream->public_key);