diff --git a/ChangeLog b/ChangeLog
index 16a0acc2b..70701114d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+Mon Jul 25 14:33:59 CEST 2011 (acab)
+------------------------------------
+ * libclamav/matcher-hash.c: off by one read in cli_hm_scan (bb#2818)
+
 Tue Jul 19 18:30:53 CEST 2011 (acab)
 ------------------------------------
  * libclamav/autoit.c: avoid dumping uninit data on autoit failure (bb#3051)
diff --git a/libclamav/matcher-hash.c b/libclamav/matcher-hash.c
index ed3a9f682..3cb3bcd71 100644
--- a/libclamav/matcher-hash.c
+++ b/libclamav/matcher-hash.c
@@ -219,7 +219,7 @@ int cli_hm_scan(const unsigned char *digest, uint32_t size, const char **virname
     keylen = hashlen[type];
 
     l = 0;
-    r = szh->items;
+    r = szh->items - 1;
     while(l <= r) {
 	size_t c = (l + r) / 2;
 	int res = hm_cmp(digest, &szh->hash_array[keylen * c], keylen);