--- wv2-0.2.2/src/word_helper.h	2004-05-09 15:53:27.000000000 -0400
+++ wv2-0.2.2-new/src/word_helper.h	2006-06-15 14:55:47.000000000 -0400
@@ -552,8 +552,12 @@
             const U8 tmp = m_fkp.m_rgb[ m_index ].offset;
             // Now we have to calculate the real offset and then locate it
             // within our cached array...
-            if ( tmp != 0 )
-                return &m_fkp.m_fkp[ tmp * 2 - m_fkp.m_internalOffset ];
+            if ( tmp != 0 ) {
+                const int pos = tmp * 2 - m_fkp.m_internalOffset;
+                if (pos < 0 || pos >= 511 - m_fkp.m_internalOffset)
+                    return 0;
+                return &m_fkp.m_fkp[ pos ];
+            }
         }
         return 0;
     }