diff --git a/sys/dev/ata/atapi-cd.c b/sys/dev/ata/atapi-cd.c
index 3d4e7f511e1..8561da4bfdc 100644
--- a/sys/dev/ata/atapi-cd.c
+++ b/sys/dev/ata/atapi-cd.c
@@ -798,7 +798,8 @@ acdioctl(dev_t dev, u_long cmd, caddr_t addr, int flags, struct proc *p)
 args->end_track = cdp->toc.hdr.ending_track + 1;
 t1 = args->start_track - cdp->toc.hdr.starting_track;
 t2 = args->end_track - cdp->toc.hdr.starting_track;
- if (t1 < 0 || t2 < 0) {
+ if (t1 < 0 || t2 < 0 ||
+ t1 > (cdp->toc.hdr.ending_track-cdp->toc.hdr.starting_track)) {
 error = EINVAL;
 break;
 }
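Review bot: The new upper bound on `t1` is computed from `cdp->toc.hdr.ending_track` and `starting_track`, not from the capacity of whatever `t1` and `t2` index after this hunk (the use is outside the hunk, presumably the TOC entry table). The check is therefore only as reliable as the header values read from the medium. If those are not range-checked where the TOC is loaded, comparing `t1` and `t2` against the table's element count here would be the safer guard. The limit on `t2` is also implicit: it depends on the clamp to `ending_track + 1` whose condition sits above the hunk, and nothing visible rejects `t1 > t2`. A comment such as `/* t1 must name a real track; t2 may be one past the last (clamped above) */` would make that asymmetry clear, and `ending_track - cdp->toc.hdr.starting_track` reads better with spaces around the operator.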