--- dosfs.c.orig 2016-11-11 16:34:09.232451000 +0200
+++ dosfs.c 2016-11-11 16:56:18.578627000 +0200
@@ -768,8 +768,7 @@
 fatget(DOS_FS *fs, u_int *c)
 {
     u_char buf[4];
-    u_char *s;
-    u_int x, offset, off, n, nbyte, lsec;
+    u_int x, offset, nbyte;
     struct devdesc *dd = fs->fd->f_devdata;
     int err = 0;
@@ -782,26 +781,9 @@
     } else {
         offset = fatoff(fs->fatsz, *c);
         nbyte = fs->fatsz != 32 ? 2 : 4;
-
-        s = buf;
-        if ((off = offset & (SECSIZ - 1))) {
-            offset -= off;
-            lsec = bytsec(offset);
-            offset += SECSIZ;
-            if ((n = SECSIZ - off) > nbyte)
-                n = nbyte;
-            memcpy(s, fat.buf + secbyt(lsec) + off, n);
-            s += n;
-            nbyte -= n;
-        }
-        n = nbyte & (SECSIZ - 1);
-        if (nbyte -= n) {
-            memcpy(s, fat.buf + secbyt(bytsec(offset)), nbyte);
-            offset += nbyte;
-            s += nbyte;
-        }
-        if (n)
-            memcpy(s, fat.buf + secbyt(bytsec(offset)), n);
+        if (offset + nbyte > secbyt(fat.size))
+            return EINVAL;
+        memcpy(buf, fat.buf + offset, nbyte);
     }
     x = fs->fatsz != 32 ? cv2(buf) : cv4(buf);
@@ -827,14 +809,16 @@
     char *s;
     u_int off, n;
     int err;
+    u_char local_buf[SECSIZ];
     s = buf;
     if ((off = offset & (SECSIZ - 1))) {
         offset -= off;
         if ((n = SECSIZ - off) > nbyte)
             n = nbyte;
-        if ((err = ioget(fs->fd, bytsec(offset), off, s, n)))
+        if ((err = ioget(fs->fd, bytsec(offset), 0, local_buf, SECSIZ)))
             return err;
+        memcpy(s, local_buf + off, n);
         offset += SECSIZ;
         s += n;
         nbyte -= n;
@@ -847,8 +831,9 @@
         s += nbyte;
     }
     if (n) {
-        if ((err = ioget(fs->fd, bytsec(offset), 0, s, n)))
+        if ((err = ioget(fs->fd, bytsec(offset), 0, local_buf, SECSIZ)))
             return err;
+        memcpy(s, local_buf, n);
     }
     return 0;
 }
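Review bot: The new bounds check `offset + nbyte > secbyt(fat.size)` in fatget is written in a form that unsigned wrap-around can defeat: `offset` is the u_int returned by `fatoff(fs->fatsz, *c)` for a cluster number that ultimately comes from on-disk data, and if it lands within `nbyte` bytes of UINT_MAX the sum wraps to a small value, the check passes and the memcpy reads past fat.buf. Whether fatoff() can actually produce such an offset depends on how it masks and scales the cluster number, which is outside this hunk, but the wrap-proof form costs nothing: `if (offset > secbyt(fat.size) || nbyte > secbyt(fat.size) - offset)`. The check also rests on fat.buf holding exactly secbyt(fat.size) bytes, which is not visible here and deserves a one-line comment above it, e.g. `/* fat.buf holds secbyt(fat.size) bytes; reject entries that would read past it */`. fatget's body continues past the end of the hunk.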
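Review bot: The replacement of `ioget(fs->fd, bytsec(offset), off, s, n)` with a whole-sector read into `local_buf` plus a `memcpy` is left unexplained, both here and at the matching tail read under `if (n)` in the last hunk, so a later reader cannot tell why partial-sector transfers were abandoned. A comment above the `u_char local_buf[SECSIZ];` declaration should state the constraint the change relies on, e.g. `/* ioget() is only used for whole-sector transfers; partial sectors are staged through local_buf */`, worded to match whatever the underlying device path actually requires. Both memcpy calls look in bounds — `n` is at most `SECSIZ - off` at the first site — but the tail site depends on `n` being below SECSIZ, which is presumably established in the unchanged code between the two hunks and is worth confirming. The enclosing function's signature (its name and the `buf`, `offset` and `nbyte` parameters) lies above the hunk.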