Displaying 2 results from an estimated 2 matches for "boot_image_end".
2016 Mar 07
0
[PATCH 4/5] installers: fix a possible buffer overflow when looking for LDLINUX_MAGIC
...download payload and
> replaces it with something like "You are not authorized to download
> this file"...
$0.02:
- Casting to a uintptr_t is ugly (and not C89, not that Syslinux cares
  about that)
- The boot_image + boot_image_len calculation is loop invariant, so some
  kind of boot_image_end or wpe pointer before the loop might be nicer.
  Unfortunately, the 8-bit boot_image_len (bytes) versus the 32-bit wp
  stride complicates things
Maybe something like:
    const uint32_t * wpe = (const uint32_t *) boot_image + boot_len / sizeof *wpe;
where the 'for' check could then: ......
2016 Feb 24
2
[PATCH 4/5] installers: fix a possible buffer overflow when looking for LDLINUX_MAGIC
If the ldlinux being processed is garbage, the search for LDLINUX_MAGIC
will overflow its buffer - fix that.
I did encounter this issue in Rufus as, due to notorious
incompatibilities between different versions of ldlinux.sys and the
com32's residing on an ISO, we download a version specific ldlinux.sys
from our server... which may get trashed if the user sits behind one of
these