diff --git a/lib/upgrade/upgrade_supported.go b/lib/upgrade/upgrade_supported.go
index ae63b48c..d4a05f46 100644
--- a/lib/upgrade/upgrade_supported.go
+++ b/lib/upgrade/upgrade_supported.go
@@ -224,6 +224,11 @@ func readTarGz(archiveName, dir string, r io.Reader) (string, error) {
 		if err != nil {
 			return "", err
 		}
+		if hdr.Size > maxBinarySize {
+			// We don't even want to try processing or skipping over files
+			// that are too large.
+			break
+		}
 
 		err = archiveFileVisitor(dir, &tempName, &sig, hdr.Name, tr)
 		if err != nil {
@@ -264,6 +269,12 @@ func readZip(archiveName, dir string, r io.Reader) (string, error) {
 		}
 		i++
 
+		if file.UncompressedSize64 > maxBinarySize {
+			// We don't even want to try processing or skipping over files
+			// that are too large.
+			break
+		}
+
 		inFile, err := file.Open()
 		if err != nil {
 			return "", err