diff --git a/src/libnsdb/annotation.c b/src/libnsdb/annotation.c
index 2447275..f54500f 100644
--- a/src/libnsdb/annotation.c
+++ b/src/libnsdb/annotation.c
@@ -114,7 +114,7 @@ nsdb_sanitize_annotation(const char *in, char **out)

 	/* Assume worst case: every input character must be escaped */
 	len = strlen(in);
-	result = malloc(len * 2);
+	result = malloc(len * 2 + 1);
 	if (result == NULL) {
 		xlog(D_GENERAL, "%s: Failed to allocate output buffer",
 			__func__);
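Review bot: The new size expression `len * 2 + 1` in the malloc call is still computed without an overflow check, so an input longer than `(SIZE_MAX - 1) / 2` would wrap it and yield a buffer smaller than the escaping loop assumes. The declaration of `len` is outside the hunk; this assumes it is a `size_t`. A guard before the allocation such as `if (len > (SIZE_MAX - 1) / 2)`, taking the same failure path as the NULL check, would close that off (it needs `<stdint.h>` if the file does not already include it). The comment above the allocation could also account for the extra byte, for example `/* Worst case: every input character is escaped, plus a terminating NUL */`.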
@@ -129,6 +129,9 @@ nsdb_sanitize_annotation(const char *in, char **out)
 		result[j++] = in[i];
 	}

+	/* NUL-terminate */
+	result[j] = 0;
+
 	*out = result;
 	xlog(D_CALL, "%s: out_len = %zu, out = \"%s\"",
 		__func__, j, result);
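Review bot: The store `result[j] = 0;` stays in bounds only if the copy loop writes at most two bytes per input character, and nothing near the write states that invariant. Most of the loop lies outside this hunk, so this cannot be confirmed from here. A comment such as `/* j <= len * 2 here, so this lands in the extra byte reserved at allocation */` would tie the write to the malloc size and protect it if the escaping rules change later. Writing the terminator as `'\0'` rather than `0` would also make the intent clearer.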
