diff --git a/ChangeLog b/ChangeLog index 2cfbd040..52994cbf 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2009-12-03 Frank Warmerdam + * libtiff/tif_jpeg.c: Made JPEGDecodeRaw() check for buffer overruns. + Made so that when working with downsampled images a stub function + reporting an error is used for tif_decoderow. We cannot meaningfully + support reading scanlines in this situation. (#1936) + * libtiff/tif_jpeg.c: Ensure that tif_scanlinesize is computed after resetting of the upsampling values (gdal:#3259). http://bugzilla.maptools.org/show_bug.cgi?id=1936 diff --git a/libtiff/tif_jpeg.c b/libtiff/tif_jpeg.c index e2c4ea31..7a3bfb8e 100644 --- a/libtiff/tif_jpeg.c +++ b/libtiff/tif_jpeg.c @@ -1,4 +1,4 @@ -/* $Id: tif_jpeg.c,v 1.85 2009-12-04 01:21:52 fwarmerdam Exp $ */ +/* $Id: tif_jpeg.c,v 1.86 2009-12-04 01:37:58 fwarmerdam Exp $ */ /* * Copyright (c) 1994-1997 Sam Leffler @@ -184,6 +184,7 @@ static int JPEGDecodeRaw(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s); static int JPEGEncode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s); static int JPEGEncodeRaw(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s); static int JPEGInitializeLibJPEG(TIFF * tif, int decode ); +static int DecodeRowError(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s); #define FIELD_JPEGTABLES (FIELD_CODEC+0) @@ -1166,7 +1167,7 @@ JPEGPreDecode(TIFF* tif, uint16 s) if (downsampled_output) { /* Need to use raw-data interface to libjpeg */ sp->cinfo.d.raw_data_out = TRUE; - tif->tif_decoderow = JPEGDecodeRaw; + tif->tif_decoderow = DecodeRowError; tif->tif_decodestrip = JPEGDecodeRaw; tif->tif_decodetile = JPEGDecodeRaw; } else { 
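Review bot: In the JPEGPreDecode hunk, the existing comment `/* Need to use raw-data interface to libjpeg */` no longer explains why `tif_decoderow` is wired differently from `tif_decodestrip` and `tif_decodetile`, so a later maintainer could restore JPEGDecodeRaw there to remove the apparent inconsistency. I would add a line directly above the assignment, such as `/* scanline reads cannot be served from raw (downsampled) output; fail them explicitly */`. The ChangeLog entry gives the reason, but it belongs next to the code. The function starts before and continues after this hunk, so the `else` branch is not visible here; it is worth confirming that it resets all three pointers, since a stale `DecodeRowError` would otherwise carry over.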
@@ -1293,6 +1294,19 @@ JPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) || TIFFjpeg_finish_decompress(sp); } +/*ARGSUSED*/ static int +DecodeRowError(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) + +{ + (void) buf; + (void) cc; + (void) s; + + TIFFErrorExt(tif->tif_clientdata, "TIFFReadScanline", + "scanline oriented access is not supported for downsampled JPEG compressed images, consider enabling TIFF_JPEGCOLORMODE as JPEGCOLORMODE_RGB." ); + return 0; +} + /* * Decode a chunk of pixels. * Returned data is downsampled per sampling factors. @@ -1306,6 +1320,7 @@ JPEGDecodeRaw(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) /* data is expected to be read in multiples of a scanline */ if ( (nrows = sp->cinfo.d.image_height) ) { + /* Cb,Cr both have sampling factors 1, so this is correct */ JDIMENSION clumps_per_line = sp->cinfo.d.comp_info[1].downsampled_width; int samples_per_clump = sp->samplesperclump; @@ -1320,6 +1335,12 @@ JPEGDecodeRaw(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s) jpeg_component_info *compptr; int ci, clumpoffset; + if( cc < sp->bytesperline * sp->v_sampling ) { + TIFFErrorExt(tif->tif_clientdata, "JPEGDecodeRaw", + "application buffer not large enough for all data."); + return 0; + } + /* Reload downsampled-data buffer if needed */ if (sp->scancount >= DCTSIZE) { int n = sp->cinfo.d.max_v_samp_factor * DCTSIZE;
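Review bot: The message in DecodeRowError tells the user to enable `TIFF_JPEGCOLORMODE`, but the tag constant in tiff.h is `TIFFTAG_JPEGCOLORMODE`, so the hint names something that cannot be looked up. I would end the text with `consider setting TIFFTAG_JPEGCOLORMODE to JPEGCOLORMODE_RGB.` instead. The stub also has no header comment; one line such as `/* tif_decoderow stub for downsampled data: always reports an error and returns 0 */` would show that it is installed deliberately. The error is logged under the module name "TIFFReadScanline" rather than the function's own name, which differs from the "JPEGDecodeRaw" call added later in this patch and should be a conscious choice.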
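Review bot: The new guard at the top of JPEGDecodeRaw's `do` loop, `if( cc < sp->bytesperline * sp->v_sampling )`, only bounds the writes if `cc` is reduced by exactly the bytes each pass writes and `buf` advances by the same amount. That bookkeeping is at the loop tail, outside this hunk, and should be checked against the same expression. Whether multiplying by `v_sampling` is right depends on whether `bytesperline` in raw mode describes one output row or a whole clumped row group, so a comment stating the unit would help, e.g. `/* one pass writes v_sampling rows of bytesperline bytes */`. As far as the hunk shows, the loop count still comes from `sp->cinfo.d.image_height`, so this comparison is what ties the write extent to the caller's buffer. Returning 0 mid-strip leaves earlier rows already written, so callers should treat the buffer contents as undefined on failure.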