diff --git a/fileio.c b/fileio.c

index 03fc4be..2a61a30 100644

--- a/fileio.c

+++ b/fileio.c

@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] =

 #endif

 static ZCONST char Far ExtraFieldTooLong[] =

   "warning:  extra field too long (%d).  Ignoring...\n";

+static ZCONST char Far ExtraFieldCorrupt[] =

+  "warning:  extra field (type: 0x%04x) corrupt.  Continuing...\n";

 #ifdef WINDLL

    static ZCONST char Far DiskFullQuery[] =

@@ -2295,7 +2295,13 @@ int do_string(__G__ length, option)   /* return PK-type error code */

             if (readbuf(__G__ (char *)G.extra_field, length) == 0)

                 return PK_EOF;

             /* Looks like here is where extra fields are read */

-            getZip64Data(__G__ G.extra_field, length);

+            if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)

+            {

+                Info(slide, 0x401, ((char *)slide,

+                 LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));

+                error = PK_WARN;

+            }

+

 #ifdef UNICODE_SUPPORT

             G.unipath_filename = NULL;

             if (G.UzO.U_flag < 2) {

diff --git a/process.c b/process.c

index be6e006..0d57ab4 100644

--- a/process.c

+++ b/process.c

@@ -1,5 +1,5 @@

 /*

-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.

+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.

   See the accompanying file LICENSE, version 2009-Jan-02 or later

   (the contents of which are also included in unzip.h) for terms of use.

@@ -1894,48 +1894,83 @@ int getZip64Data(__G__ ef_buf, ef_len)

     and a 4-byte version of disk start number.

     Sets both local header and central header fields.  Not terribly clever,

     but it means that this procedure is only called in one place.

+

+    2014-12-05 SMS.

+    Added checks to ensure that enough data are available before calling

+    makeint64() or makelong().  Replaced various sizeof() values with

+    simple ("4" or "8") constants.  (The Zip64 structures do not depend

+    on our variable sizes.)  Error handling is crude, but we should now

+    stay within the buffer.

   ---------------------------------------------------------------------------*/

+#define Z64FLGS 0xffff

+#define Z64FLGL 0xffffffff

+

     if (ef_len == 0 || ef_buf == NULL)

         return PK_COOL;

     Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",

       ef_len));

-    while (ef_len >= EB_HEADSIZE) {

+    while (ef_len >= EB_HEADSIZE)

+    {

         eb_id = makeword(EB_ID + ef_buf);

         eb_len = makeword(EB_LEN + ef_buf);

-        if (eb_len > (ef_len - EB_HEADSIZE)) {

-            /* discovered some extra field inconsistency! */

+        if (eb_len > (ef_len - EB_HEADSIZE))

+        {

+            /* Extra block length exceeds remaining extra field length. */

             Trace((stderr,

               "getZip64Data: block length %u > rest ef_size %u\n", eb_len,

               ef_len - EB_HEADSIZE));

             break;

         }

-        if (eb_id == EF_PKSZ64) {

+        if (eb_id == EF_PKSZ64)

+        {

           int offset = EB_HEADSIZE;

-          if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){

-            G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);

-            offset += sizeof(G.crec.ucsize);

+          if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))

+          {

+            if (offset+ 8 > ef_len)

+              return PK_ERR;

+

+            G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);

+            offset += 8;

           }

-          if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){

-            G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);

-            offset += sizeof(G.crec.csize);

+

+          if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))

+          {

+            if (offset+ 8 > ef_len)

+              return PK_ERR;

+

+            G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);

+            offset += 8;

           }

-          if (G.crec.relative_offset_local_header == 0xffffffff){

+

+          if (G.crec.relative_offset_local_header == Z64FLGL)

+          {

+            if (offset+ 8 > ef_len)

+              return PK_ERR;

+

             G.crec.relative_offset_local_header = makeint64(offset + ef_buf);

-            offset += sizeof(G.crec.relative_offset_local_header);

+            offset += 8;

           }

-          if (G.crec.disk_number_start == 0xffff){

+

+          if (G.crec.disk_number_start == Z64FLGS)

+          {

+            if (offset+ 4 > ef_len)

+              return PK_ERR;

+

             G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);

-            offset += sizeof(G.crec.disk_number_start);

+            offset += 4;

           }

+#if 0

+          break;                /* Expect only one EF_PKSZ64 block. */

+#endif /* 0 */

         }

-        /* Skip this extra field block */

+        /* Skip this extra field block. */

         ef_buf += (eb_len + EB_HEADSIZE);

         ef_len -= (eb_len + EB_HEADSIZE);

     }