diff --git a/ChangeLog b/ChangeLog
index 11e7a92bd..6341bd564 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - markus@cvs.openbsd.org 2012/09/17 13:04:11
      [packet.c]
      clear old keys on rekeing; ok djm
+   - dtucker@cvs.openbsd.org 2012/09/18 10:36:12
+     [sftp.c]
+     Add bounds check on sftp tab-completion.  Part of a patch from from
+     Jean-Marc Robert via tech@, ok djm
 
 20120917
  - (dtucker) OpenBSD CVS Sync
diff --git a/sftp.c b/sftp.c
index 217b63a2d..3c7bc64e1 100644
--- a/sftp.c
+++ b/sftp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp.c,v 1.137 2012/09/17 09:54:44 djm Exp $ */
+/* $OpenBSD: sftp.c,v 1.138 2012/09/18 10:36:12 dtucker Exp $ */
 /*
  * Copyright (c) 2001-2004 Damien Miller <djm@openbsd.org>
  *
@@ -991,6 +991,10 @@ makeargv(const char *arg, int *argcp, int sloppy, char *lastquote,
 	state = MA_START;
 	i = j = 0;
 	for (;;) {
+		if (argc >= sizeof(argv) / sizeof(*argv)){
+			error("Too many arguments.");
+			return NULL;
+		}
 		if (isspace(arg[i])) {
 			if (state == MA_UNQUOTED) {
 				/* Terminate current argument */