From dd5909568f21c5a4f1a281a2771b6566bfb242af Mon Sep 17 00:00:00 2001
From: Jakob Borg <jakob@nym.se>
Date: Fri, 6 May 2016 14:14:19 +0000
Subject: [PATCH] lib/upgrade: Don't attempt processing files larger than
 expected max binary size (ref #3045)

GitHub-Pull-Request: https://github.com/syncthing/syncthing/pull/3047
---
 lib/upgrade/upgrade_supported.go | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lib/upgrade/upgrade_supported.go b/lib/upgrade/upgrade_supported.go
index ae63b48c3..d4a05f461 100644
--- a/lib/upgrade/upgrade_supported.go
+++ b/lib/upgrade/upgrade_supported.go
@@ -224,6 +224,11 @@ func readTarGz(archiveName, dir string, r io.Reader) (string, error) {
 		if err != nil {
 			return "", err
 		}
+		if hdr.Size > maxBinarySize {
+			// We don't even want to try processing or skipping over files
+			// that are too large.
+			break
+		}
 
 		err = archiveFileVisitor(dir, &tempName, &sig, hdr.Name, tr)
 		if err != nil {
@@ -264,6 +269,12 @@ func readZip(archiveName, dir string, r io.Reader) (string, error) {
 		}
 		i++
 
+		if file.UncompressedSize64 > maxBinarySize {
+			// We don't even want to try processing or skipping over files
+			// that are too large.
+			break
+		}
+
 		inFile, err := file.Open()
 		if err != nil {
 			return "", err