String or Char Arrays Length Definition

Is there a way to avoid overwriting?

Yes, and no.

The signature for the readBytes() method is:

  size_t readBytes( char *buffer, size_t length); // read chars from stream into buffer
  // terminates if length characters have been read or timeout (see setTimeout)
  // returns the number of characters placed in the buffer (0 means no valid data found)

So, you know how many bytes were received. You can NULL terminate the array after that number of characters. That would make the output you saw "12345678" and "9".

I think a better approach is to use readBytesUntil() and send an EXPLICIT end of packet marker (the Serial Monitor can do that automatically). Then, simply check the number of bytes received.
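The approach described in the answer above, as an added example that is not part of the original post: request one byte less than the buffer holds, NUL-terminate at the returned count, and treat a completely filled buffer as an oversized packet. `FakeStream` (a constructed stand-in for the Arduino `Stream` so the logic runs off-device), `readPacket` and the choice of `'\n'` as end-of-packet marker are assumptions.

```cpp
#include <cstddef>
#include <string>

// Constructed stand-in for an Arduino Stream so the logic runs off-device.
// Like Stream::readBytesUntil(), it stops at the terminator (consumed, not
// stored), after `length` bytes, or when no data is left (the timeout case).
struct FakeStream {
    std::string pending;  // constructed bytes "on the wire"
    size_t readBytesUntil(char terminator, char *buffer, size_t length) {
        size_t n = 0;
        while (n < length && !pending.empty()) {
            char c = pending.front();
            pending.erase(0, 1);
            if (c == terminator) break;
            buffer[n++] = c;
        }
        return n;
    }
};

// Hypothetical helper: read one '\n'-terminated packet into buf[cap].
// Returns the payload length, or -1 if the packet did not fit.
template <typename StreamT>
int readPacket(StreamT &s, char *buf, size_t cap) {
    if (cap < 2) return -1;
    const size_t want = cap - 1;            // always keep one byte for '\0'
    size_t n = s.readBytesUntil('\n', buf, want);
    if (n == want) {                        // buffer filled before the marker
        while (s.readBytesUntil('\n', buf, want) == want) {}  // discard rest
        buf[0] = '\0';
        return -1;
    }
    buf[n] = '\0';                          // terminate at the received count
    return static_cast<int>(n);
}

int main() {
    // Constructed input: two short packets, one oversized, one short.
    FakeStream s{"12345678\n9\nABCDEFGHIJKLMNOP\nok\n"};
    char buf[10];
    while (!s.pending.empty()) readPacket(s, buf, sizeof buf);
    return 0;
}
```

With a 10-byte buffer the largest accepted payload is 8 characters, because a read that returns 9 cannot be distinguished from a packet that is still arriving.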