diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
index 253d14f8..f78d348e 100644
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -985,6 +985,11 @@ OPJ_BOOL opj_t2_read_packet_header( opj_t2_t* p_t2,
 l_cblk->numnewpasses = opj_t2_getnumpasses(l_bio);
 l_increment = opj_t2_getcommacode(l_bio);
+ /* testcase 1802.pdf.SIGSEGV.36e.894 */
+ if (l_cblk->segs[l_segno].newlen > *l_modified_length_ptr) {
+ opj_bio_destroy(l_bio);
+ return OPJ_FALSE;
+ }
 /* length indicator increment */
 l_cblk->numlenbits += l_increment;
 l_segno = 0;
@@ -1153,6 +1158,7 @@ OPJ_BOOL opj_t2_read_packet_data( opj_t2_t* p_t2,
 OPJ_BYTE* new_cblk_data = (OPJ_BYTE*) opj_realloc(l_cblk->data, l_cblk->data_current_size + l_seg->newlen);
 if(! new_cblk_data) {
 opj_free(l_cblk->data);
+ l_cblk->data = NULL;
 l_cblk->data_max_size = 0;
 /* opj_event_msg(p_manager, EVT_ERROR, "Not enough memory to realloc code block cata!\n"); */
 return OPJ_FALSE;
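Review bot: The new guard in opj_t2_read_packet_header indexes `l_cblk->segs[l_segno]` three lines before `l_segno = 0;` resets it, so it reads whichever segment index was left over from the previous code-block, and `newlen` at that point is a value left from an earlier packet rather than one decoded for this one; the comparison therefore does not bound the length that is about to be read. For a code-block whose segments have not been set up yet, `segs` may not even be a valid array here (its allocation is outside the hunk, so this is inferred), which would turn a malformed-length check into the very out-of-bounds read it is meant to prevent. The check belongs at the point where each segment's `newlen` is decoded from the bit reader, after `l_segno` is reset and the segment exists, compared against the remaining packet length. The comment should say what is being rejected rather than only naming the reproducer, e.g. `/* reject a segment length that exceeds the remaining packet data (testcase 1802.pdf.SIGSEGV.36e.894) */`. The enclosing function starts and continues outside the hunk.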
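Review bot: In the opj_t2_read_packet_data failure path, `l_cblk->data = NULL;` and `l_cblk->data_max_size = 0;` leave `l_cblk->data_current_size` at its old non-zero value, so the code-block now describes a buffer of N bytes at a NULL pointer; any later reader of `data_current_size` (outside this hunk, so inferred) would be misled. Add `l_cblk->data_current_size = 0;` next to the other two resets so the three fields stay consistent. The request size `l_cblk->data_current_size + l_seg->newlen` is also computed without an overflow check; since `newlen` is decoded from the stream (per the header hunk above), guarding the sum before the realloc, `if (l_seg->newlen > UINT32_MAX - l_cblk->data_current_size) { return OPJ_FALSE; }`, keeps a wrapped sum from producing an undersized allocation. The commented-out opj_event_msg leaves the allocation failure silent; re-enabling it would make the error path diagnosable. The enclosing function starts and continues outside the hunk.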