--- a/fs/hfsplus/brec.c
+++ b/fs/hfsplus/brec.c
@@ -124,6 +124,12 @@ int hfs_brec_insert(struct hfs_find_data *fd, void *entry, int entry_len)
 data_rec_off += 2;
 } while (data_rec_off < idx_rec_off);
+ if (end_off < data_off) {
+ hfs_dbg(BNODE_MOD, "corrupted node: end_off %u < data_off %u\n", end_off, data_off);
+ if (new_node)
+ hfs_bnode_put(new_node);
+ return -EIO;
+ }
 /* move data away */
 hfs_bnode_move(node, data_off + size, data_off, end_off - data_off);
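Review bot: The new `end_off < data_off` check runs only after the `do … while` loop above it, so when it returns `-EIO`, anything that loop and the earlier code (both outside this hunk) have already written to the node stays in place; if those writes are record-offset updates, the error path leaves the node half-modified. Consider validating the offsets before the first write, or add a comment such as `/* node may already be partly updated here; treat it as corrupt */` so the state on return is explicit. The report also goes through `hfs_dbg`, which is normally masked or compiled out, so a corrupted or crafted image would be rejected without any trace; `pr_err("corrupted node: end_off %u < data_off %u\n", end_off, data_off);` would leave one for triage. The declarations of `end_off` and `data_off` are outside the hunk, so confirm that `%u` matches their type.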