diff --git a/[refs] b/[refs]
index e5efacacfe0a..78fe2e0e24b9 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: 76e002f755b61aa79228f4e751bbca8674aba0f6
+refs/heads/master: 6f04864515365e135adc9f1cee4ac1251bb0ed35
diff --git a/trunk/fs/squashfs/xattr_id.c b/trunk/fs/squashfs/xattr_id.c
index 51a7bd0cc449..f60fb3cce183 100644
--- a/trunk/fs/squashfs/xattr_id.c
+++ b/trunk/fs/squashfs/xattr_id.c
@@ -76,6 +76,17 @@ __le64 *squashfs_read_xattr_id_table(struct super_block *sb, u64 start,
 	*xattr_table_start = le64_to_cpu(id_table->xattr_table_start);
 	*xattr_ids = le32_to_cpu(id_table->xattr_ids);
 	kfree(id_table);
+
+	/* Sanity check values */
+
+	/* there is always at least one xattr id */
+	if (*xattr_ids == 0)
+		return ERR_PTR(-EINVAL);
+
+	/* xattr_table should be less than start */
+	if (*xattr_table_start >= start)
+		return ERR_PTR(-EINVAL);
+
 	len = SQUASHFS_XATTR_BLOCK_BYTES(*xattr_ids);
 
 	TRACE("In read_xattr_index_table, length %d\n", len);