diff --git a/lib/transfer.c b/lib/transfer.c
index 02eb7e206..1e3fafc8d 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -964,6 +964,12 @@ CURLcode Curl_readwrite(struct connectdata *conn,
 
           /* convert LF to CRLF if so asked */
           if (data->set.crlf) {
+              if(data->state.scratch == NULL)
+                data->state.scratch = malloc(2*BUFSIZE);
+              if(data->state.scratch == NULL) {
+                failf (data, "Failed to alloc scratch buffer!");
+                return CURLE_OUT_OF_MEMORY;
+              }
             for(i = 0, si = 0; i < nread; i++, si++) {
               if (conn->upload_fromhere[i] == 0x0a) {
                 data->state.scratch[si++] = 0x0d;
diff --git a/lib/url.c b/lib/url.c
index c743ed818..de5217d53 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -190,6 +190,9 @@ CURLcode Curl_close(struct SessionHandle *data)
   if(data->state.auth_host)
     free(data->state.auth_host);
 
+  if(data->state.scratch)
+    free(data->state.scratch);
+
   if(data->change.proxy_alloc)
     free(data->change.proxy);
 
diff --git a/lib/urldata.h b/lib/urldata.h
index d68e00998..bd0c80024 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -598,7 +598,7 @@ struct UrlState {
   struct curl_ssl_session *session; /* array of 'numsessions' size */
   long sessionage;                  /* number of the most recent session */
 
-  char scratch[BUFSIZE*2]; /* huge buffer when doing upload CRLF replacing */
+  char *scratch; /* huge buffer[BUFSIZE*2] when doing upload CRLF replacing */
   bool errorbuf; /* Set to TRUE if the error buffer is already filled in.
                     This must be set to FALSE every time _easy_perform() is
                     called. */