diff --git a/CHANGES b/CHANGES
index 015f9b3249..577100719e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,7 @@
+3350. [bug] Memory read overrun in isc___mem_reallocate if
+ ISC_MEM_DEBUGCTX memory debugging flag is set.
+ [RT #30240]
+
 3348. [security] prevent RRSIG data from being cached if a negative record matching the covering type exists at a higher trust level. Such data already can't be retrieved from
diff --git a/lib/isc/mem.c b/lib/isc/mem.c
index dac706d60f..64df00b332 100644
--- a/lib/isc/mem.c
+++ b/lib/isc/mem.c
@@ -1405,7 +1405,11 @@ isc__mem_reallocate(isc_mem_t *ctx, void *ptr, size_t size FLARG) {
 oldsize = (((size_info *)ptr)[-1]).u.size;
 INSIST(oldsize >= ALIGNMENT_SIZE);
 oldsize -= ALIGNMENT_SIZE;
- copysize = oldsize > size ? size : oldsize;
+ if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0) {
+ INSIST(oldsize >= ALIGNMENT_SIZE);
+ oldsize -= ALIGNMENT_SIZE;
+ }
+ copysize = (oldsize > size) ? size : oldsize;
 memcpy(new_ptr, ptr, copysize);
 isc__mem_free(ctx, ptr FLARG_PASS);
 }
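Review bot: The added `if ((isc_mem_debugging & ISC_MEM_DEBUGCTX) != 0)` block repeats the preceding `INSIST`/`oldsize -= ALIGNMENT_SIZE` pair verbatim with no comment, so it reads like a copy-paste duplicate that a later cleanup could remove, bringing the memcpy() over-read back. A comment on the block would help, for example `/* DEBUGCTX allocations have a second ALIGNMENT_SIZE prefix; exclude it so memcpy() stays inside the old buffer */` (the prefix layout is inferred from the CHANGES entry; the allocation path is not in this hunk). The correction also depends on the global flag having the same value now as when `ptr` was allocated; if `isc_mem_debugging` can change at run time, `oldsize` would be off by ALIGNMENT_SIZE in one direction or the other, which is worth confirming against the allocate and free paths. isc__mem_reallocate begins and ends outside the hunk.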