diff --git a/ChangeLog.txt b/ChangeLog.txt
index 69e1262a..fb996c18 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -21,6 +21,13 @@ Clang/LLVM optimizer uses load combining to transfer multiple adjacent 32-bit structure members into a single 64-bit register, and this exposed the ABI conformance issue.
+[4] Fixed a bug in the MIPS DSPr2 4:2:0 "plain" (non-fancy and non-merged)
+upsampling routine that caused a buffer overflow (and subsequent segfault) when
+decompressing a 4:2:0 JPEG image whose scaled output width was less than 16
+pixels. The "plain" upsampling routines are normally only used when
+decompressing a non-YCbCr JPEG image, but they are also used when decompressing
+a JPEG image whose scaled output height is 1.
+
 1.4.1
 =====
diff --git a/simd/jsimd_mips_dspr2.S b/simd/jsimd_mips_dspr2.S
index c5990965..65c169ab 100644
--- a/simd/jsimd_mips_dspr2.S
+++ b/simd/jsimd_mips_dspr2.S
@@ -1811,12 +1811,11 @@ LEAF_MIPS_DSPR2(jsimd_h2v2_upsample_mips_dspr2)
 bgtz t4, 2b
 addiu t5, 2
 3:
- ulw t6, 0(t7) // t6 = outptr
- ulw t5, 4(t7) // t5 = outptr[1]
+ lw t6, 0(t7) // t6 = outptr[0]
+ lw t5, 4(t7) // t5 = outptr[1]
 addu t4, t6, a1 // t4 = new end address
- subu t8, t4, t9
- beqz t8, 5f
- nop
+ beq a1, t9, 5f
+ subu t8, t4, t9
 4:
 ulw t0, 0(t6)
 ulw t1, 4(t6)
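Review bot: The new guard `beq a1, t9, 5f` and its delay-slot `subu t8, t4, t9` are left uncommented, although they form the bounds check that decides whether the loop at `4:` runs at all, and the neighbouring lines are all annotated. t9 is set outside this hunk, so its meaning needs confirming; if it holds the residual width (as the ChangeLog entry about widths below 16 suggests), comments such as `// whole row is residual (width < 16): skip the wide loop` on the branch and `// (delay slot) t8 = end address of the wide-loop portion` on the subu would record the invariant for the next maintainer. Because the ChangeLog describes the defect as a buffer overflow while decoding a small image, a regression case with a 4:2:0 JPEG whose scaled output width is under 16 and whose scaled output height is 1 would be worth adding if the commit has none outside what is shown here. The body of jsimd_h2v2_upsample_mips_dspr2 starts and ends outside the hunk.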