diff -urNp tar-1.22-orig/lib/rtapelib.c tar-1.22/lib/rtapelib.c

--- tar-1.22-orig/lib/rtapelib.c	2007-08-12 09:57:15.000000000 +0200

+++ tar-1.22/lib/rtapelib.c	2010-02-22 13:58:07.000000000 +0100

@@ -573,6 +573,9 @@ rmt_read__ (int handle, char *buffer, si

       || (status = get_status (handle)) == SAFE_READ_ERROR)

     return SAFE_READ_ERROR;

+  if (status > length)

+    return SAFE_READ_ERROR;

+

   for (counter = 0; counter < status; counter += rlen, buffer += rlen)

     {

       rlen = safe_read (READ_SIDE (handle), buffer, status - counter);