diff --git a/fs/ntfs3/inode.c b/fs/ntfs3/inode.c
index db2a0bce67f4e140f644af0bf775cf54c2a04d4d..e8e20685acf8fb74597d8304db3229cce166a1e0 100644
--- a/fs/ntfs3/inode.c
+++ b/fs/ntfs3/inode.c
@@ -379,6 +379,13 @@ static struct inode *ntfs_read_mft(struct inode *inode,
 	}
 
 	t64 = le64_to_cpu(attr->nres.svcn);
+
+	/* offset to packed runs is out-of-bounds */
+	if (roff > asize) {
+		err = -EINVAL;
+		goto out;
+	}
+
 	err = run_unpack_ex(run, sbi, ino, t64, le64_to_cpu(attr->nres.evcn),
 			    t64, Add2Ptr(attr, roff), asize - roff);
 	if (err < 0)