--- linux-2.4.28/fs/coda/upcall.c.orig 2005-01-05 10:33:55.427390784 -0200
+++ linux-2.4.28/fs/coda/upcall.c 2005-01-05 10:33:58.739887208 -0200
@@ -538,11 +538,16 @@
 UPARG(CODA_IOCTL);
 /* build packet for Venus */
- if (data->vi.in_size > VC_MAXDATASIZE) {
+ if (data->vi.in_size > VC_MAXDATASIZE || data->vi.in_size < 0) {
 error = -EINVAL;
 goto exit;
 }
+ if (data->vi.out_size > VC_MAXDATASIZE || data->vi.out_size < 0) {
+ error = -EINVAL;
+ goto exit;
+ }
+
 inp->coda_ioctl.VFid = *fid;
 /* the cmd field was mutated by increasing its size field to
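Review bot: The two new range checks carry no comment saying why a negative size must be rejected, and the `/* build packet for Venus */` comment above them does not cover validation. The `< 0` tests imply `in_size` and `out_size` are signed, and they are presumably used later as copy lengths, so a line such as `/* in_size/out_size are caller-supplied and signed: reject negative or oversized values before they are used as lengths */` above the first `if` would record the intent. The two blocks are identical apart from the field name and could be one test, `if (data->vi.in_size < 0 || data->vi.in_size > VC_MAXDATASIZE || data->vi.out_size < 0 || data->vi.out_size > VC_MAXDATASIZE)`, with a single `error = -EINVAL; goto exit;`. The enclosing function starts and ends outside the hunk, so it is worth confirming there that every later copy uses these validated fields and that nothing reads them before this point.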