diff --git a/glib/gvariant-parser.c b/glib/gvariant-parser.c
index efad35619..dc8cb3e5a 100644
--- a/glib/gvariant-parser.c
+++ b/glib/gvariant-parser.c
@@ -431,6 +431,7 @@ pattern_coalesce (const gchar *left,
 {
   gchar *result;
   gchar *out;
+  size_t buflen;
 
   /* the length of the output is loosely bound by the sum of the input
    * lengths, not simply the greater of the two lengths.
@@ -439,7 +440,8 @@ pattern_coalesce (const gchar *left,
    *
    *      8     +    8    =  12
    */
-  out = result = g_malloc (strlen (left) + strlen (right));
+  buflen = strlen (left) + strlen (right);
+  out = result = g_malloc (buflen);
 
   while (*left && *right)
     {
@@ -493,6 +495,9 @@ pattern_coalesce (const gchar *left,
         }
     }
 
+  /* Need at least one byte remaining for trailing nul. */
+  g_assert (out < result + buflen);
+
   if (*left || *right)
     {
       g_free (result);