Fix #1699 - Double free with aa

libr/util/buf.c

@@ -260,22 +260,21 @@ R_API ut8 *r_buf_get_at (RBuffer *b, ut64 addr, int *left) {
 R_API int r_buf_read_at(RBuffer *b, ut64 addr, ut8 *buf, int len) {
 	st64 pa;
 	if (!b) return 0;
+	if (addr == UT64_MAX)
+		return 0;
 	if (addr == R_BUF_CUR)
 		addr = b->cur;
-	pa = addr - b->base;
-	if (pa<0)
+	if (addr < b->base)
 		return 0;
-#if 1
+	pa = addr - b->base;
 	if (pa+len > b->length) {
 		len = b->length - pa;
 		if (len<0)
 			return 0;
-		memset (buf+pa, 0xff, len);
+		memset (buf, 0xff, len);
 	}
-#else
-	/* if we avoid partial reads it breaks stuff */
-	if (addr-b->base+len > b->length) return 0;
-#endif
+	// must be +pa, but maybe its missused?
+	//return r_buf_cpy (b, addr, buf, b->buf+pa, len, R_FALSE);
 	return r_buf_cpy (b, addr, buf, b->buf, len, R_FALSE);
 }