diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c
index a360b24ed320..ccdf82983e17 100644
--- a/fs/jfs/jfs_imap.c
+++ b/fs/jfs/jfs_imap.c
@@ -750,6 +750,11 @@ int diWrite(tid_t tid, struct inode *ip)
 xp = (dtpage_t *) & dp->di_dtroot;
 lv = ilinelock->lv;
 for (n = 0; n < ilinelock->index; n++, lv++) {
+ /* Validate offset and length to prevent out-of-bounds access */
+ if (lv->offset >= 128 || lv->length > 128 || (lv->offset + lv->length) > 128) {
+ pr_warn("Invalid slot range: offset=%u, length=%u\n", lv->offset, lv->length);
+ return -EINVAL;
+ }
 memcpy(&xp->slot[lv->offset], &p->slot[lv->offset], lv->length << L2DTSLOTSIZE);
 }
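Review bot: The added check bounds the copy by the literal 128, but the memcpy destination `xp` is `&dp->di_dtroot` cast to `dtpage_t *`, so the limit that matters is the slot count of the in-inode dtree root rather than that of a full dtpage. If the root holds fewer than 128 slots (jfs_dtree.h appears to define `DTROOTMAXSLOT` for it; please confirm), a linelock whose offset+length lies between that count and 128 still passes and the copy runs past `di_dtroot`. The condition would then read `if (lv->offset + lv->length > DTROOTMAXSLOT) {`, which also removes the magic number. Separately, `return -EINVAL;` exits from the middle of diWrite, whose body starts and ends outside this hunk. Any metapage or lock acquired earlier in the function has to be released on this path too, and since the values come from potentially corrupted metadata, a rate-limited message (`pr_warn_ratelimited`) would keep a bad image from flooding the log.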