diff --git a/http-response-bodies.c b/http-response-bodies.c
index 8e3c0f9..bd5af61 100644
--- a/http-response-bodies.c
+++ b/http-response-bodies.c
@@ -148,10 +148,10 @@ checkstate:
 				eoh += 4;
 				DEBUG_PRINTF("Response body begins at %p (offset %zu)\n", (void*)eoh, eoh - bufp);
 
-				m0 = memcasemem(bufp, n, "\r\ncontent-length:", 17);
+				m0 = memcasemem(bufp, eoh - bufp, "\r\ncontent-length:", 17);
 				if (m0 && m0 < eoh) {
 					DEBUG_PRINTF("Found Content-Length header at %p (offset %zu)\n", (void*)(m0 + 2), m0 + 2 - bufp);
-					m1 = memmem(m0 + 1, n - (m0 + 1 - bufp), "\r\n", 2);
+					m1 = memmem(m0 + 1, eoh - (m0 + 1), "\r\n", 2);
 					if (!m1) {
 						fprintf(stderr, "Error: CRLF after Content-Length missing\n");
 						return 1;
@@ -180,13 +180,13 @@ checkstate:
 
 					state = STATE_BODY;
 				} else {
-					m0 = memcasemem(bufp, n, "\r\ntransfer-encoding:", 20);
+					m0 = memcasemem(bufp, eoh - bufp, "\r\ntransfer-encoding:", 20);
 					if (!m0 || m0 >= eoh) {
 						fprintf(stderr, "Error: Content-Length and Transfer-Encoding missing\n");
 						return 1;
 					}
 					DEBUG_PRINTF("Found Transfer-Encoding header at %p (offset %zu)\n", (void*)(m0 + 2), m0 + 2 - bufp);
-					m1 = memmem(m0 + 1, n - (m0 + 1 - bufp), "\r\n", 2);
+					m1 = memmem(m0 + 1, eoh - (m0 + 1), "\r\n", 2);
 					if (!m1 || m1 >= eoh - 2) {
 						fprintf(stderr, "Error: CRLF after Transfer-Encoding missing\n");
 						return 1;
@@ -209,10 +209,10 @@ checkstate:
 				}
 
 				if (html_fake_base) {
-					m0 = memcasemem(bufp, n, "\r\ncontent-type:", 15);
+					m0 = memcasemem(bufp, eoh - bufp, "\r\ncontent-type:", 15);
 					if (m0 && m0 < eoh) {
 						DEBUG_PRINTF("Found Content-Type header at %p (offset %zu)\n", (void*)(m0 + 2), m0 + 2 - bufp);
-						m1 = memmem(m0 + 1, n - (m0 + 1 - bufp), "\r\n", 2);
+						m1 = memmem(m0 + 1, eoh - (m0 + 1), "\r\n", 2);
 						if (!m1) {
 							fprintf(stderr, "Error: CRLF after Content-Type missing\n");
 							return 1;