diff -urNp cpio-2.10-orig/lib/rtapelib.c cpio-2.10/lib/rtapelib.c
--- cpio-2.10-orig/lib/rtapelib.c	2010-03-10 14:41:41.000000000 +0100
+++ cpio-2.10/lib/rtapelib.c	2010-03-10 14:44:54.000000000 +0100
@@ -580,6 +580,9 @@ rmt_read__ (int handle, char *buffer, si
       || (status = get_status (handle)) == SAFE_READ_ERROR)
     return SAFE_READ_ERROR;
 
+  if (status > length)
+    return SAFE_READ_ERROR;
+
   for (counter = 0; counter < status; counter += rlen, buffer += rlen)
     {
       rlen = safe_read (READ_SIDE (handle), buffer, status - counter);