diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 6321894561e04aac7e71adab2f94c4d84a2edade..9083e09b6b4e85d14c7976f03edf833f4336228a 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -313,9 +313,15 @@ static int superblock_doinit(struct super_block *sb)
 
 	sbsec->initialized = 1;
 
-	printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
-	       sb->s_id, sb->s_type->name,
-	       labeling_behaviors[sbsec->behavior-1]);
+	if (sbsec->behavior > ARRAY_SIZE(labeling_behaviors)) {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), unknown behavior\n",
+		       sb->s_id, sb->s_type->name);
+	}
+	else {
+		printk(KERN_INFO "SELinux: initialized (dev %s, type %s), %s\n",
+		       sb->s_id, sb->s_type->name,
+		       labeling_behaviors[sbsec->behavior-1]);
+	}
 
 	/* Initialize the root inode. */
 	rc = inode_doinit_with_dentry(sb->s_root->d_inode, sb->s_root);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index ace257310fa3a186cf5131b6df50a28de55d9503..d1ffecbbd117d7b7317f595b1716d4ad01151fab 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1301,6 +1301,8 @@ int policydb_read(struct policydb *p, void *fp)
 				if (!buf)
 					goto bad;
 				c->v.behavior = le32_to_cpu(buf[0]);
+				if (c->v.behavior > SECURITY_FS_USE_NONE)
+					goto bad;
 				len = le32_to_cpu(buf[1]);
 				buf = next_entry(fp, len);
 				if (!buf)