--- fs/bfs/inode.c.0	2018-06-15 11:41:58.096196504 +0100
+++ fs/bfs/inode.c	2018-06-15 21:43:32.446336657 +0100
@@ -1,7 +1,7 @@
 /*
  *	fs/bfs/inode.c
  *	BFS superblock and inode operations.
- *	Copyright (C) 1999-2006 Tigran Aivazian <aivazian.tigran@gmail.com>
+ *	Copyright (C) 1999-2018 Tigran Aivazian <aivazian.tigran@gmail.com>
  *	From fs/minix, Copyright (C) 1991, 1992 Linus Torvalds.
  *
  *      Made endianness-clean by Andrew Stribblehill <ads@wompom.org>, 2005.
@@ -350,15 +350,20 @@
 
 	s->s_magic = BFS_MAGIC;
 
-	if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end)) {
+	if (le32_to_cpu(bfs_sb->s_start) > le32_to_cpu(bfs_sb->s_end) ||
+	    le32_to_cpu(bfs_sb->s_start) < sizeof(struct bfs_super_block) 
+                                       + sizeof(struct bfs_dirent)) {
 		printf("Superblock is corrupted\n");
 		goto out1;
 	}
 
-	info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) /
-					sizeof(struct bfs_inode)
+	info->si_lasti = (le32_to_cpu(bfs_sb->s_start) - BFS_BSIZE) / sizeof(struct bfs_inode)
 					+ BFS_ROOT_INO - 1;
-	imap_len = (info->si_lasti / 8) + 1;
+    if (info->si_lasti > 513) { /* Hardcoded: BFS can have up to 512 maximum number of inodes */
+		printf("Impossible number of inodes %lu\n", info->si_lasti);
+		goto out1;
+	}
+	imap_len = round_up((info->si_lasti) / 8, sizeof(unsigned long)) + sizeof(unsigned long);
 	info->si_imap = kzalloc(imap_len, GFP_KERNEL);
 	if (!info->si_imap)
 		goto out1;