diff --git a/docs/changes.txt b/docs/changes.txt
index fa82b4feaf..68b8f1f0af 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -14,6 +14,7 @@ All (GUI):
 - Added wxXmlResource::Unload()
 - Possibility of modeless wxWizard dialog (with presentation in sample).
+- Fixed a rare crash due to malformed HTML in wxHTML (Xavier Nodet)
 wxMSW:
diff --git a/src/html/htmltag.cpp b/src/html/htmltag.cpp
index f5e93ffa03..0149450543 100644
--- a/src/html/htmltag.cpp
+++ b/src/html/htmltag.cpp
@@ -194,6 +194,16 @@ void wxHtmlTagsCache::QueryTag(int at, int* end1, int* end2)
 int delta = (at < m_Cache[m_CachePos].Key) ? -1 : 1;
 do
 {
+ if ( m_CachePos < 0 || m_CachePos == m_CacheSize )
+ {
+ // something is very wrong with HTML, give up by returning an
+ // impossibly large value which is going to be ignored by the
+ // caller
+ *end1 =
+ *end2 = INT_MAX;
+ return;
+ }
+
 m_CachePos += delta;
 }
 while (m_Cache[m_CachePos].Key != at);
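Review bot: The new bounds check in the htmltag.cpp hunk runs before `m_CachePos += delta`, so when that step moves the index to -1 or to m_CacheSize, the `while (m_Cache[m_CachePos].Key != at)` condition still reads one element outside the cache before the guard is reached on the next iteration. On the early return the index is also left at that out-of-range value; if m_CachePos is a member that persists between calls, as its name suggests, the `int delta = (at < m_Cache[m_CachePos].Key)` line at the top of the hunk would index with it on the next call. I would step first, test with `>=`, and clamp the index back to a valid entry before returning, which assumes a non-empty cache that the hunk does not show. QueryTag's body starts and ends outside the hunk, and whether a header providing INT_MAX is included is not visible here.

```cpp
do
{
    m_CachePos += delta;

    if ( m_CachePos < 0 || m_CachePos >= m_CacheSize )
    {
        // keep the cursor on a valid entry for the next QueryTag() call
        m_CachePos = m_CachePos < 0 ? 0 : m_CacheSize - 1;

        // … unchanged: explanatory comment, *end1 = *end2 = INT_MAX, return …
    }
}
// … unchanged: while (m_Cache[m_CachePos].Key != at); …
```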