diff --git a/lib/escape.c b/lib/escape.c
index 2e38301d9c..24d4c4e42c 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -62,6 +62,9 @@ char *curl_easy_escape(CURL *data, const char *string, int inlength)
   if(!length)
     return curlx_strdup("");
 
+  if(length > SIZE_MAX/16)
+    return NULL;
+
   curlx_dyn_init(&d, length * 3 + 1);
 
   while(length--) {