diff --git a/ChangeLog.md b/ChangeLog.md index c5b91bb2..c50c073d 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -10,6 +10,15 @@ unreasonable slow-down in `jpeg_read_header()` if an application called to decompress a JPEG image containing an excessive number of markers of that type. +2. Hardened the default marker processor in the decompressor to guard against +an issue (exposed by 3.0 beta2[6]) whereby attempting to decompress a +specially-crafted malformed JPEG image (specifically an image with a complete +12-bit-per-component Start Of Frame segment followed by an incomplete +8-bit-per-component Start Of Frame segment) using buffered-image mode and input +prefetching caused a segfault if the `fill_input_buffer()` method in the +calling application's custom source manager incorrectly returned `FALSE` in +response to a prematurely-terminated JPEG data stream. + 3.0.3 ===== diff --git a/jdmarker.c b/jdmarker.c index ee6b6d41..f918ee4d 100644 --- a/jdmarker.c +++ b/jdmarker.c @@ -248,6 +248,9 @@ get_sof(j_decompress_ptr cinfo, boolean is_prog, boolean is_lossless, jpeg_component_info *compptr; INPUT_VARS(cinfo); + if (cinfo->marker->saw_SOF) + ERREXIT(cinfo, JERR_SOF_DUPLICATE); + cinfo->progressive_mode = is_prog; cinfo->master->lossless = is_lossless; cinfo->arith_code = is_arith; @@ -265,9 +268,6 @@ get_sof(j_decompress_ptr cinfo, boolean is_prog, boolean is_lossless, (int)cinfo->image_width, (int)cinfo->image_height, cinfo->num_components); - if (cinfo->marker->saw_SOF) - ERREXIT(cinfo, JERR_SOF_DUPLICATE); - /* We don't support files in which the image height is initially specified */ /* as 0 and is later redefined by DNL. As long as we have to check that, */ /* might as well have a general sanity check. */
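Review bot: the ChangeLog entry describes the symptom in detail but says nothing about what the hardening actually is, so a reader cannot tell how the fix relates to the trigger; suggest adding a clause such as "A duplicate Start Of Frame marker is now rejected before any of its header fields are read, so a second SOF can no longer overwrite the decompression parameters established by the first." That also clarifies why the malformed second SOF only mattered in combination with a source manager returning `FALSE` on a truncated stream.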
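Review bot: moving the `saw_SOF` check to the top of `get_sof()` is the right ordering, because the old position let `cinfo->progressive_mode`, `cinfo->master->lossless`, `cinfo->arith_code`, the image dimensions and `num_components` all be overwritten by the second SOF before the duplicate was detected; the new placement should carry a short comment stating that the check must precede every `cinfo` assignment and every `INPUT_*` read, otherwise a later refactor could move it back below the field reads and reintroduce the partial-overwrite window. Something like `/* Reject a duplicate SOF before touching any decompression state or reading any bytes */` above `if (cinfo->marker->saw_SOF)` would do.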
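Review bot: the removal of the old check after the trace message is consistent with the first hunk, and the trace that prints `(int)cinfo->image_width, (int)cinfo->image_height, cinfo->num_components` now only ever runs for the first SOF, which is fine; what is missing is a regression test for the case named in the ChangeLog (a complete 12-bit SOF followed by a truncated 8-bit SOF, fed through a buffered-image-mode decode with a suspending source manager) asserting that `JERR_SOF_DUPLICATE` is raised and that the dimensions and component count recorded from the first SOF are unchanged afterwards.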