diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index a360b24ed320..d36f13e0c496 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -750,6 +750,14 @@ int diWrite(tid_t tid, struct inode *ip)
 xp = (dtpage_t *) & dp->di_dtroot;
 lv = ilinelock->lv;
 for (n = 0; n < ilinelock->index; n++, lv++) {
+ /* Validate offset and length to prevent out-of-bounds access */
+ if (lv->offset < 0 || lv->offset >= DTROOTMAXSLOT ||
+ lv->length <= 0 || (lv->offset + lv->length) > DTROOTMAXSLOT) {
+ pr_warn("diWrite: Invalid lv offset/length: offset=%d, length=%d\n",
+ lv->offset, lv->length);
+ return -EINVAL;
+ }
+
 memcpy(&xp->slot[lv->offset], &p->slot[lv->offset],
 lv->length << L2DTSLOTSIZE);
 }
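Review bot: The added `return -EINVAL;` exits diWrite from inside the dtroot copy loop with no cleanup. The function body starts well before this hunk, so anything acquired earlier (presumably the on-disk inode's metapage and the transaction lock on it) would stay held on this path. Please confirm, and if so release it before returning, e.g. a `release_metapage()` call on that metapage ahead of `return -EINVAL;`. Separately, if `offset` and `length` in struct lv are unsigned bytes, as I believe they are, `lv->offset < 0` is never true and `lv->length <= 0` reduces to `lv->length == 0`, so the condition could be trimmed to the comparisons that actually fire. The loop bound `ilinelock->index` is also taken on trust here; if it is not validated before this point, it deserves the same bounds check against the size of the `lv` array.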