diff --git a/ChangeLog b/ChangeLog
index bbf5d1b3..7834cc72 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,9 @@
 * tools/tiffmedian.c (GetInputLine): Fix Coverity 1024795 "Nesting level does not match indentation".
+ (get_histogram): Quiet Coverity 1024386 "Out-of-bounds read".
+ This was a benign mis-diagnosis but added code to enforce against
+ buffer overflow.
 * tools/tiffcrop.c (ROTATE_ANY): Fix Coverity 1294542 "Logical vs. bitwise operator".
diff --git a/tools/tiffmedian.c b/tools/tiffmedian.c
index 2059a9e0..56eeb211 100644
--- a/tools/tiffmedian.c
+++ b/tools/tiffmedian.c
@@ -1,4 +1,4 @@
-/* $Id: tiffmedian.c,v 1.11 2015-05-28 02:25:11 bfriesen Exp $ */
+/* $Id: tiffmedian.c,v 1.12 2015-05-28 03:08:18 bfriesen Exp $ */
 /*
 * Apply median cut on an image.
@@ -371,9 +371,15 @@ get_histogram(TIFF* in, Colorbox* box)
 break;
 inptr = inputline;
 for (j = imagewidth; j-- > 0;) {
- red = *inptr++ >> COLOR_SHIFT;
- green = *inptr++ >> COLOR_SHIFT;
- blue = *inptr++ >> COLOR_SHIFT;
+ red = (*inptr++) & 0xff >> COLOR_SHIFT;
+ green = (*inptr++) & 0xff >> COLOR_SHIFT;
+ blue = (*inptr++) & 0xff >> COLOR_SHIFT;
+ if ((red | green | blue) >= B_LEN) {
+ fprintf(stderr,
+ "Logic error. "
+ "Histogram array overflow!\n");
+ exit(-6);
+ }
 if (red < box->rmin)
 box->rmin = red;
 if (red > box->rmax)
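Review bot: The new mask in the get_histogram hunk is mis-parenthesised: `>>` binds tighter than `&`, so `(*inptr++) & 0xff >> COLOR_SHIFT` parses as `(*inptr++) & (0xff >> COLOR_SHIFT)` and keeps the low bits of each sample instead of shifting the high bits down, which changes the bin chosen for red, green and blue. The added `>= B_LEN` guard then presumably passes only because the shifted mask bounds the values, not because the intended shift was checked. Write each channel as `red = (*inptr++ & 0xff) >> COLOR_SHIFT;` (likewise for green and blue). The combined test `(red | green | blue) >= B_LEN` matches three separate range checks only if B_LEN is a power of two, which is not visible here, so a one-line comment stating that assumption would help. The loop and the rest of get_histogram continue outside the hunk.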