diff --git a/src/NT_fmt_plug.c b/src/NT_fmt_plug.c
index eb52e3d..411a45b 100644
--- a/src/NT_fmt_plug.c
+++ b/src/NT_fmt_plug.c
@@ -652,7 +652,7 @@ static inline void set_key_helper(unsigned int * keybuffer,
 	for(; key[md4_size]; i += xBuf, md4_size++)
 	{
 		unsigned int temp;
-		if ((temp = key[++md4_size]))
+		if ((temp = key[++md4_size]) && md4_size < PLAINTEXT_LENGTH)
 		{
 			keybuffer[i] = key[md4_size-1] | (temp << 16);
 		}
@@ -704,7 +704,7 @@ static inline void set_key_helper_utf8(unsigned int * keybuffer, unsigned int xB
     const UTF8 * source, unsigned int lenStoreOffset, unsigned int *lastlen)
 {
 	unsigned int *target = keybuffer;
-	unsigned int *targetEnd = &keybuffer[xBuf * ((PLAINTEXT_LENGTH + 1) >> 1)];
+	unsigned int *targetEnd = &keybuffer[xBuf * (PLAINTEXT_LENGTH >> 1)];
 	UTF32 chl, chh = 0x80;
 	unsigned int outlen = 0;
 
@@ -844,7 +844,7 @@ static inline void set_key_helper_encoding(unsigned int * keybuffer,
 		i = 0;
 		for(md4_size = 0; key[md4_size]; i += xBuf, md4_size++)
 			{
-				if ((temp = CP_to_Unicode[key[++md4_size]]))
+				if ((temp = CP_to_Unicode[key[++md4_size]]) && md4_size < PLAINTEXT_LENGTH)
 					keybuffer[i] = CP_to_Unicode[key[md4_size-1]] | (temp << 16);
 				else {
 					keybuffer[i] = CP_to_Unicode[key[md4_size-1]] | 0x800000;