diff --git a/coreapi/chat_file_transfer.c b/coreapi/chat_file_transfer.c
index 064ab52c0..287d3eca7 100644
--- a/coreapi/chat_file_transfer.c
+++ b/coreapi/chat_file_transfer.c
@@ -134,9 +134,14 @@ static int on_send_body(belle_sip_user_body_handler_t *bh, belle_sip_message_t *
 		LinphoneImEncryptionEngineCbs *imee_cbs = linphone_im_encryption_engine_get_callbacks(imee);
 		LinphoneImEncryptionEngineCbsUploadingFileCb cb_process_uploading_file = linphone_im_encryption_engine_cbs_get_process_uploading_file(imee_cbs);
 		if (cb_process_uploading_file) {
-			uint8_t *encrypted_buffer = (uint8_t *)ms_malloc0(*size);
+			size_t max_size = *size;
+			uint8_t *encrypted_buffer = (uint8_t *)ms_malloc0(max_size);
 			retval = cb_process_uploading_file(imee, msg, offset, (const uint8_t *)buffer, size, encrypted_buffer);
 			if (retval == 0) {
+				if (*size > max_size) {
+					ms_error("IM encryption engine process upload file callback returned a size bigger than the size of the buffer, so it will be truncated !");
+					*size = max_size;
+				}
 				memcpy(buffer, encrypted_buffer, *size);
 			}
 			ms_free(encrypted_buffer);
diff --git a/include/linphone/im_encryption_engine.h b/include/linphone/im_encryption_engine.h
index a0182b9a9..a65fac88e 100644
--- a/include/linphone/im_encryption_engine.h
+++ b/include/linphone/im_encryption_engine.h
@@ -67,9 +67,9 @@ typedef void (*LinphoneImEncryptionEngineCbsGenerateFileTransferKeyCb)(LinphoneI
  * @param engine LinphoneImEncryptionEngine object
  * @param msg LinphoneChatMessage object
  * @param offset The current offset of the upload
- * @param buffer Encrypted data buffer
- * @param size Size of the encrypted data buffer
- * @param decrypted_buffer Buffer in which to write the decrypted data
+ * @param[in] buffer Encrypted data buffer
+ * @param[in] size Size of the encrypted data buffer and maximum size of the decrypted data buffer
+ * @param[out] decrypted_buffer Buffer in which to write the decrypted data which maximum size is size
  * @return -1 if nothing to be done, 0 on success or an integer > 0 for error
 */
 typedef int (*LinphoneImEncryptionEngineCbsDownloadingFileCb)(LinphoneImEncryptionEngine *engine, LinphoneChatMessage *msg, size_t offset, const uint8_t *buffer, size_t size, uint8_t *decrypted_buffer);
@@ -79,9 +79,9 @@ typedef int (*LinphoneImEncryptionEngineCbsDownloadingFileCb)(LinphoneImEncrypti
  * @param engine LinphoneImEncryptionEngine object
  * @param msg LinphoneChatMessage object
  * @param offset The current offset of the upload
- * @param buffer Encrypted data buffer
- * @param size Size of the plain data buffer and the size of the encrypted data buffer once encryption is done
- * @param encrypted_buffer Buffer in which to write the encrypted data
+ * @param[in] buffer Encrypted data buffer
+ * @param[in,out] size Size of the plain data buffer and the size of the encrypted data buffer once encryption is done
+ * @param[out] encrypted_buffer Buffer in which to write the encrypted data which maxmimum size is size
  * @return -1 if nothing to be done, 0 on success or an integer > 0 for error
 */
 typedef int (*LinphoneImEncryptionEngineCbsUploadingFileCb)(LinphoneImEncryptionEngine *engine, LinphoneChatMessage *msg, size_t offset, const uint8_t *buffer, size_t *size, uint8_t *encrypted_buffer);