diff --git a/docs/libcurl/curl_easy_escape.md b/docs/libcurl/curl_easy_escape.md
index 1480a75c59..262bf131a8 100644
--- a/docs/libcurl/curl_easy_escape.md
+++ b/docs/libcurl/curl_easy_escape.md
@@ -34,8 +34,7 @@ A-Z, 0-9, '-', '.', '_' or '~' are converted to their "URL escaped" version
 constrained by its type, the returned string may not be altered.
 If *length* is set to 0 (zero), curl_easy_escape(3) uses strlen() on the input
-*string* to find out the size. This function does not accept input strings
-longer than **CURL_MAX_INPUT_LENGTH** (8 MB).
+*string* to find out the size.
 You must curl_free(3) the returned string when you are done with it.
diff --git a/lib/escape.c b/lib/escape.c
index 2e38301d9c..24d4c4e42c 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -62,6 +62,9 @@ char *curl_easy_escape(CURL *data, const char *string, int inlength)
 if(!length)
 return curlx_strdup("");
+ if(length > SIZE_MAX/16)
+ return NULL;
+
 curlx_dyn_init(&d, length * 3 + 1);
 while(length--) {
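Review bot: The added guard `if(length > SIZE_MAX/16)` in lib/escape.c uses an unexplained divisor, while the size it protects on the next line is `length * 3 + 1`; a comment such as `/* reject lengths where length * 3 + 1 below could wrap size_t */` would tie the bound to the computation it protects. The docs hunk drops the 8 MB limit sentence without a replacement, yet the function still returns NULL for oversized input, at a threshold that now depends on the platform's size_t (far lower on 32-bit builds), so the man page should still say that over-long input fails. With the fixed cap gone, the output buffer limit is roughly three times an input bounded only by this check, which matters for callers that pass externally supplied strings and is worth stating in the documentation. The body of curl_easy_escape starts and ends outside the hunk, so how `length` is derived from `inlength` is not visible here.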