Index: openjpeg-1.5.1/libopenjpeg/j2k.c
===================================================================
--- openjpeg-1.5.1.orig/libopenjpeg/j2k.c	2013-01-01 01:01:01.000000000 +0000
+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2013-01-01 01:01:01.000000000 +0000
@@ -1606,6 +1606,14 @@ static void j2k_read_rgn(opj_j2k_t *j2k)
 	};
 #endif /* USE_JPWL */
 
+	/* totlen is negative or larger than the bytes left!!! */
+	if (compno >= numcomps) {
+		opj_event_msg(j2k->cinfo, EVT_ERROR,
+			"JPWL: bad component number in RGN (%d when there are only %d)\n",
+			compno, numcomps);
+		return;
+	}
+
 	tcp->tccps[compno].roishift = cio_read(cio, 1);				/* SPrgn */
 }