diff --git a/libr/core/cmd_write.c b/libr/core/cmd_write.c index fa00385cab23c..a0d45fe24fe13 100644 --- a/libr/core/cmd_write.c +++ b/libr/core/cmd_write.c @@ -71,8 +71,10 @@ static void cmd_write_op (RCore *core, const char *input) { } case '2': case '4': - r_core_write_op (core, input+3, input[1]); - r_core_block_read (core, 0); + if (input[2]){ + r_core_write_op (core, input+3, input[1]); + r_core_block_read (core, 0); + } break; case 'R': r_core_cmd0 (core, "wr $b"); diff --git a/libr/core/io.c b/libr/core/io.c index eb02736d404d3..ae2f2812ec885 100644 --- a/libr/core/io.c +++ b/libr/core/io.c @@ -150,7 +150,8 @@ R_API int r_core_write_op(RCore *core, const char *arg, char op) { } else if (op=='2' || op=='4') { op -= '0'; - for (i=0; iblocksize; i+=op) { + // if i < core->blocksize would pass the test but buf[i+3] goes beyond the buffer + for (i=0; iblocksize-3; i+=op) { /* endian swap */ ut8 tmp = buf[i]; buf[i] = buf[i+3];