diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 openjpeg-1.5.1/libopenjpeg/j2k.c
--- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887	2014-01-07 15:13:20.297114457 -0600
+++ openjpeg-1.5.1/libopenjpeg/j2k.c	2014-01-07 15:13:20.302114404 -0600
@@ -1697,8 +1697,11 @@ static void j2k_read_eoc(opj_j2k_t *j2k)
 	else {
 		for (i = 0; i < j2k->cp->tileno_size; i++) {
 			tileno = j2k->cp->tileno[i];
-			opj_free(j2k->tile_data[tileno]);
-			j2k->tile_data[tileno] = NULL;
+			/* not sure if this can actually happen */
+			if (tileno != -1) {
+				opj_free(j2k->tile_data[tileno]);
+				j2k->tile_data[tileno] = NULL;
+			}
 		}
 	}	
 	if (j2k->state & J2K_STATE_ERR)
@@ -1858,8 +1861,10 @@ void j2k_destroy_decompress(opj_j2k_t *j
         if(j2k->cp != NULL) {
             for (i = 0; i < j2k->cp->tileno_size; i++) {
                 int tileno = j2k->cp->tileno[i];
-                opj_free(j2k->tile_data[tileno]);
-                j2k->tile_data[tileno] = NULL;
+		if (tileno != -1) {
+			opj_free(j2k->tile_data[tileno]);
+			j2k->tile_data[tileno] = NULL;
+		}
             }
         }