- char *buffer = xmalloc (size + 1);
- read_bytes (r, buffer, size);
- buffer[size] = '\0';
+
+ if (size_overflow_p (xsum (1, xtimes (size, count))))
+ sys_error (r, "Extension record too large.");
+
+ size_t n_bytes = size * count;
+ char *buffer = xmalloc (n_bytes + 1);
+ read_bytes (r, buffer, n_bytes);
+ buffer[n_bytes] = '\0';
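Review bot: The new guard passes `count` as the second argument of `xtimes`, and gnulib documents that argument (the element size) as required to be greater than zero; the macro form of `xtimes` divides `SIZE_MAX` by it, so a record whose count field is 0 would hit a division by zero before the check can reject anything. If `count` comes straight from the file, as the error text suggests, I would guard it: `if (count != 0 && size_overflow_p (xsum (1, xtimes (size, count))))`. The check also only protects `size * count` when both operands are already `size_t` and `sys_error` does not return; their declarations sit outside this hunk, as do the start and end of the enclosing function, so `size_t n_bytes = (size_t) size * count;` is the safer spelling. Note that a non-wrapping product can still be far larger than the file, so `xmalloc` remains reachable with a very large attacker-chosen size.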