diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 35e063c9f3a4..a1b2c3d4e5f6 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -1373,6 +1373,13 @@ dbAllocAG(struct bmap * bmp, int agno, s64 nblocks, int l2nb, s64 * results)
 dcp = (struct dmapctl *) mp->data;
 budmin = dcp->budmin;
 
+ if (budmin < L2BPERDMAP || budmin > L2MAXL2SIZE) {
+ jfs_error(bmp->db_ipbmap->i_sb,
+ "Corrupt dmapctl budmin %d\n", budmin);
+ release_metapage(mp);
+ return -EIO;
+ }
+
 if (dcp->leafidx != cpu_to_le32(CTLLEAFIND)) {
 jfs_error(bmp->db_ipbmap->i_sb, "Corrupt dmapctl page\n");
 release_metapage(mp);
@@ -1703,6 +1710,13 @@ static int dbFindCtl(struct bmap * bmp, int l2nb, int level, s64 * blkno)
 dcp = (struct dmapctl *) mp->data;
 budmin = dcp->budmin;
 
+ if (budmin < L2BPERDMAP || budmin > L2MAXL2SIZE) {
+ jfs_error(bmp->db_ipbmap->i_sb,
+ "Corrupt dmapctl budmin %d\n", budmin);
+ release_metapage(mp);
+ return -EIO;
+ }
+
 if (dcp->leafidx != cpu_to_le32(CTLLEAFIND)) {
 jfs_error(bmp->db_ipbmap->i_sb,
 "Corrupt dmapctl page\n");
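Review bot: The added range check on `budmin` in dbAllocAG, and the identical one in the dbFindCtl hunk, accepts any value from L2BPERDMAP to L2MAXL2SIZE, so an on-disk dmapctl page whose budmin is in range but wrong for its level still passes and is presumably used as a shift count further down. If budmin is fixed per control-page level (it appears to be set to `L2BPERDMAP + L2LPERCTL * level` when the page is initialised; confirm against dbInitDmapCtl), an exact comparison such as `if (budmin != L2BPERDMAP + L2LPERCTL * level)` would reject more corrupt images. In dbFindCtl the `level` parameter is visible in the hunk header, though the check may sit in a per-level loop that needs its own variable, and in dbAllocAG the level would have to come from the bmap. The same seven lines are duplicated in both hunks, so a small static helper with a one-line comment on the valid budmin values would keep the two sites from drifting. Both function bodies start and end outside the hunks, so the later uses of budmin are not visible here.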