When searching for the payload offset and not finding it in the current buffer, the code attempts to move the last (MAGIC_SIZE - 1) bytes to the beginning of the buffer. However, the code for that is wrong. It reads: memmove(p, p + read_cnt - MAGIC_SIZE - 1, MAGIC_SIZE - 1); but should be: memmove(p, p + left + read_cnt - MAGIC_SIZE + 1, MAGIC_SIZE - 1);
It also needs to be moved up above the left/offset update. I wrote a simple test script to brute-force generate files with every offset possible from 0 to 30k ... seems to work for all of them now.
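The corrected carry-over and the brute-force check, as an added C example that is not the project's own code; the MAGIC value, BUF_SIZE, the in-memory stream standing in for read() and both function names are assumptions:

```c
#include <stdlib.h>
#include <string.h>

#define MAGIC "MAGICXY"          /* assumed marker, not the project's own */
#define MAGIC_SIZE ((size_t)(sizeof(MAGIC) - 1))
#define BUF_SIZE 64

/* Scan a byte stream for MAGIC in chunks of at most `chunk` (> 0) bytes, a stand-in for read(). Returns the stream offset
 * of the first match or -1; the last MAGIC_SIZE-1 bytes of each chunk are carried over so a marker straddling two reads is found. */
long find_magic_offset(const unsigned char *data, size_t len, size_t chunk)
{
    unsigned char p[BUF_SIZE];
    size_t left = 0, pos = 0;   /* carried-over bytes at the front of p; stream read position */
    long offset = 0;            /* stream offset of p[0] */
    while (pos < len) {
        size_t read_cnt = BUF_SIZE - left;
        if (read_cnt > chunk) read_cnt = chunk;
        if (read_cnt > len - pos) read_cnt = len - pos;
        memcpy(p + left, data + pos, read_cnt);
        pos += read_cnt;
        size_t avail = left + read_cnt;      /* bytes now valid in p */
        for (size_t i = 0; i + MAGIC_SIZE <= avail; i++)
            if (memcmp(p + i, MAGIC, MAGIC_SIZE) == 0)
                return offset + (long)i;
        /* Carry-over from p + left + read_cnt - MAGIC_SIZE + 1, done before left and offset are updated. */
        size_t keep = avail < MAGIC_SIZE - 1 ? avail : MAGIC_SIZE - 1;
        memmove(p, p + avail - keep, keep);
        offset += (long)(avail - keep);
        left = keep;
    }
    return -1;
}

/* Brute-force check in the spirit of the test script: write MAGIC at every
 * offset 0..max_at of a filler stream and count the offsets reported wrong. */
int count_failures(size_t max_at, size_t chunk)
{
    size_t total = max_at + MAGIC_SIZE + 8;
    unsigned char *data = malloc(total);
    int bad = 0;
    if (!data) return -1;
    for (size_t at = 0; at <= max_at; at++) {
        memset(data, 'x', total);            /* 'x' never occurs in MAGIC */
        memcpy(data + at, MAGIC, MAGIC_SIZE);
        if (find_magic_offset(data, total, chunk) != (long)at) bad++;
    }
    free(data);
    return bad;
}
```

Small chunk sizes (1, 10) force the marker to straddle a refill at most offsets, which is exactly the case the original memmove source pointer got wrong.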