diff --git a/reactos/dll/win32/kernel32/misc/env.c b/reactos/dll/win32/kernel32/misc/env.c
index c4f0ee25ae8..ab6c2d7a1c4 100644
--- a/reactos/dll/win32/kernel32/misc/env.c
+++ b/reactos/dll/win32/kernel32/misc/env.c
@@ -425,6 +425,10 @@ ExpandEnvironmentStringsA (
             return 0;
         }
 
+    /* make sure we don't overflow the maximum ANSI_STRING size */
+    if (nSize > 0x7fff)
+        nSize = 0x7fff;
+
 	Destination.Length = 0;
 	Destination.MaximumLength = (USHORT)nSize;
 	Destination.Buffer = lpDst;
@@ -491,6 +495,10 @@ ExpandEnvironmentStringsW (
 	RtlInitUnicodeString (&Source,
 	                      (LPWSTR)lpSrc);
 
+    /* make sure we don't overflow the maximum UNICODE_STRING size */
+    if (nSize > 0x7fff)
+        nSize = 0x7fff;
+
 	Destination.Length = 0;
 	Destination.MaximumLength = (USHORT)nSize * sizeof(WCHAR);
 	Destination.Buffer = lpDst;