diff --git a/lib/verity/verity_hash.c b/lib/verity/verity_hash.c
index e9962c54..02333def 100644
--- a/lib/verity/verity_hash.c
+++ b/lib/verity/verity_hash.c
@@ -302,6 +302,11 @@ static int VERITY_create_or_verify_hash(struct crypt_device *cd, bool verify,
 		hash_device_offset_max - params->hash_area_offset);
 	log_dbg(cd, "Using %d hash levels.", levels);
 
+	r = device_check_size(cd, crypt_metadata_device(cd),
+			      hash_device_offset_max - params->hash_area_offset, 1);
+	if (r < 0)
+		return r;
+
 	data_file = fopen(device_path(crypt_data_device(cd)), "r");
 	if (!data_file) {
 		log_err(cd, _("Cannot open device %s."),