diff --git a/libfreerdp/core/info.c b/libfreerdp/core/info.c
index b07fd9a01..a957391c7 100644
--- a/libfreerdp/core/info.c
+++ b/libfreerdp/core/info.c
@@ -43,6 +43,8 @@ static const char* const INFO_TYPE_LOGON_STRINGS[4] =
 	"Logon Extended Info"
 };
 
+/* This define limits the length of the strings in the label field. */
+#define MAX_LABEL_LENGTH 40
 static struct
 {
 	UINT32      flag;
@@ -73,22 +75,17 @@ static struct
 FREERDP_LOCAL char* rdp_info_package_flags_description(UINT32 flags)
 {
 	char* result;
-	size_t maximum_size = 0;
+	size_t maximum_size = 1; /* Reserve space for the terminating '\0' by strcat if all flags set */
 	size_t i;
+	size_t size;
 
 	for (i = 0; i < ARRAYSIZE(info_flags); i ++)
-	{
-		maximum_size += strlen(info_flags[i].label) + 1;
-	}
+		maximum_size += strnlen(info_flags[i].label, MAX_LABEL_LENGTH) + 1;
 
-	result = malloc(maximum_size);
+	result = calloc(maximum_size, sizeof(char));
 
 	if (!result)
-	{
 		return 0;
-	}
-
-	result[0] = '\0';
 
 	for (i = 0; i < ARRAYSIZE(info_flags); i ++)
 	{
@@ -99,7 +96,11 @@ FREERDP_LOCAL char* rdp_info_package_flags_description(UINT32 flags)
 		}
 	}
 
-	result[strlen(result) - 1] = '\0'; /* remove last "|" */
+	size = strnlen(result, maximum_size);
+
+	if (size > 0)
+		result[size - 1] = '\0'; /* remove last "|" */
+
 	return result;
 }