diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c
index eedf6926c652..96f8e0bce217 100644
--- a/fs/gfs2/bmap.c
+++ b/fs/gfs2/bmap.c
@@ -895,8 +895,14 @@ static int __gfs2_iomap_get(struct inode *inode, loff_t pos, loff_t length,
 	iomap->length = len << inode->i_blkbits;
 
 	height = ip->i_height;
-	while ((lblock + 1) * sdp->sd_sb.sb_bsize > sdp->sd_heightsize[height])
+	
+	while (height <= GFS2_MAX_META_HEIGHT && (lblock + 1) * sdp->sd_sb.sb_bsize > sdp->sd_heightsize[height])
 		height++;
+	
+	if (height > GFS2_MAX_META_HEIGHT) {
+		ret = -ERANGE;
+		goto unlock;
+	}
 	find_metapath(sdp, lblock, mp, height);
 	if (height > ip->i_height || gfs2_is_stuffed(ip))
 		goto do_alloc;