diff --git a/NEWS b/NEWS
index 18e0f36b41a4a..1448a7d828445 100644
--- a/NEWS
+++ b/NEWS
@@ -74,6 +74,9 @@ PHP                                                                        NEWS
 - Sockets:
   . Fixed bug #67619 (Validate length on socket_write). (thiagooak)
 
+- sodium:
+  . Fixed bug #77646 (sign_detached() strings not terminated). (jedisct1)
+
 - SQLite3:
   . Unbundled libsqlite. (cmb)
   . Raised requirements to SQLite 3.7.4. (cmb)
diff --git a/ext/sodium/libsodium.c b/ext/sodium/libsodium.c
index c70b9df9ff2ef..2039d97cf37fb 100644
--- a/ext/sodium/libsodium.c
+++ b/ext/sodium/libsodium.c
@@ -1677,7 +1677,8 @@ PHP_FUNCTION(sodium_crypto_sign_detached)
 		zend_throw_exception(sodium_exception_ce, "signature has a bogus size", 0);
 		return;
 	}
-	ZEND_ASSERT(ZSTR_VAL(signature)[signature_real_len] == 0);
+	PHP_SODIUM_ZSTR_TRUNCATE(signature, (size_t) signature_real_len);
+	ZSTR_VAL(signature)[signature_real_len] = 0;
 
 	RETURN_NEW_STR(signature);
 }