diff --git a/libc/stdio/fmemopen.cpp b/libc/stdio/fmemopen.cpp
index 9d8c41f12..6e333ba5f 100644
--- a/libc/stdio/fmemopen.cpp
+++ b/libc/stdio/fmemopen.cpp
@@ -149,7 +149,9 @@ FILE* fmemopen(void* buf, size_t capacity, const char* mode) {
   } else if (mode[0] == 'w') {
     ck->size = 0;
     ck->offset = 0;
-    ck->buf[0] = '\0';
+    if (capacity > 0) {
+      ck->buf[0] = '\0';
+    }
   }
 
   return fp;
diff --git a/tests/stdio_test.cpp b/tests/stdio_test.cpp
index 479fd9d62..ad6ed45a9 100644
--- a/tests/stdio_test.cpp
+++ b/tests/stdio_test.cpp
@@ -1820,6 +1820,14 @@ TEST(STDIO_TEST, fmemopen_zero_length) {
   ASSERT_EQ(0, fclose(fp));
 }
 
+TEST(STDIO_TEST, fmemopen_zero_length_buffer_overrun) {
+  char buf[2] = "x";
+  ASSERT_EQ('x', buf[0]);
+  FILE* fp = fmemopen(buf, 0, "w");
+  ASSERT_EQ('x', buf[0]);
+  ASSERT_EQ(0, fclose(fp));
+}
+
 TEST(STDIO_TEST, fmemopen_write_only_allocated) {
   // POSIX says fmemopen "may fail if the mode argument does not include a '+'".
   // BSD fails, glibc doesn't. We side with the more lenient.