diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c
index e83d293c3614..0f5ed5fb40cf 100644
--- a/fs/gfs2/ops_fstype.c
+++ b/fs/gfs2/ops_fstype.c
@@ -284,6 +284,14 @@ static int gfs2_read_sb(struct gfs2_sbd *sdp, int silent)
 sdp->sd_hash_bsize = sdp->sd_sb.sb_bsize / 2;
 sdp->sd_hash_bsize_shift = sdp->sd_sb.sb_bsize_shift - 1;
 sdp->sd_hash_ptrs = sdp->sd_hash_bsize / sizeof(u64);
+
+ /* Validate hash_ptrs result */
+ if (sdp->sd_hash_ptrs == 0 || sdp->sd_hash_ptrs > 0x80000000U) {
+ fs_err(sdp, "Invalid sd_hash_ptrs=%u (sb_bsize=%u)\n",
+ sdp->sd_hash_ptrs, sdp->sd_sb.sb_bsize);
+ return -EINVAL;
+ }
+
 sdp->sd_qc_per_block = (sdp->sd_sb.sb_bsize -
 sizeof(struct gfs2_meta_header)) /
 sizeof(struct gfs2_quota_change);
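Review bot: The upper bound in the added check, `sdp->sd_hash_ptrs > 0x80000000U`, can never be true if sb_bsize is a 32-bit value as the `%u` format implies, because sd_hash_ptrs is sb_bsize / 2 / sizeof(u64) and so cannot exceed 0x0FFFFFFF. That leaves only the zero test, which rejects sb_bsize below 16 but still accepts a block size that is not a power of two or that disagrees with sb_bsize_shift, and sd_hash_bsize_shift two lines above is derived from that shift without any check. Since these fields come from the on-disk superblock, I would validate the source values rather than the derived one, e.g. `if (!is_power_of_2(sdp->sd_sb.sb_bsize) || sdp->sd_sb.sb_bsize_shift != ilog2(sdp->sd_sb.sb_bsize))`, together with the supported size range, unless that is already enforced where the superblock is read, which this hunk does not show. gfs2_read_sb starts and ends outside the hunk.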