diff --git a/CONTRIBUTORS b/CONTRIBUTORS
index ff5258d06..4c9fdc9ab 100644
--- a/CONTRIBUTORS
+++ b/CONTRIBUTORS
@@ -188,6 +188,7 @@ Paul Galbraith
 Paulo Gaspar
 Peter B. West
 Peter Donald
+Peter Hulst
 Peter Reilly
 Phillip Wells
 Pierre Delisle
diff --git a/WHATSNEW b/WHATSNEW
index 98661111b..45039138a 100644
--- a/WHATSNEW
+++ b/WHATSNEW
@@ -16,6 +16,8 @@ Fixed bugs: * AntClassLoader did not isolate resources when isolate was set. Bugzilla report 38747. * Diagnostics broken when using java 1.4. Bugzilla report 40395. * Exception reporting in was broken. Bugzilla report 40300. +* Handling of corrupt tar files, TarInputStream.read() never returns EOF. + Bugzilla report 39924. Other changes: --------------
diff --git a/contributors.xml b/contributors.xml
index b68cd0546..6aa1f4288 100644
--- a/contributors.xml
+++ b/contributors.xml
@@ -747,6 +747,10 @@ Peter Donald + + Peter + Hulst + Peter Reilly
diff --git a/src/main/org/apache/tools/tar/TarBuffer.java b/src/main/org/apache/tools/tar/TarBuffer.java
index 6653096cb..a5e3288fb 100644
--- a/src/main/org/apache/tools/tar/TarBuffer.java
+++ b/src/main/org/apache/tools/tar/TarBuffer.java
@@ -271,6 +271,12 @@ public class TarBuffer {
 // Thanks to 'Yohann.Roussel@alcatel.fr' for this fix.
 //
 if (numBytes == -1) {
+ if (offset == 0) {
+ // Ensure that we do not read gigabytes of zeros
+ // for a corrupt tar file.
+ // See http://issues.apache.org/bugzilla/show_bug.cgi?id=39924
+ return false;
+ }
 // However, just leaving the unread portion of the buffer dirty does
 // cause problems in some cases. This problem is described in
 // http://issues.apache.org/bugzilla/show_bug.cgi?id=29877
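Review bot: The `return false` added under `if (offset == 0)` in TarBuffer.java gives no sign that the input was cut short; going by the WHATSNEW entry it presumably surfaces as an ordinary EOF from `TarInputStream.read()`, so a truncated or corrupt archive would end silently instead of being reported. The comment should state that contract, for example `// EOF on a block boundary: stop here; this looks the same to the caller as a clean end of archive.` The mid-block case (`offset > 0`) still falls through to the handling described in the context lines below, so a short final block is still accepted. The diff touches no test file; a regression test that feeds a truncated tar and asserts that reading terminates would pin the fix for Bugzilla 39924, which matters wherever archives come from untrusted sources. The enclosing method starts and ends outside the hunk.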