diff --git a/fuzzer/Fuzzer.java b/fuzzer/Fuzzer.java
index 6b6f3fb4dedaa9d4007adbcf09fa3ffd6444d979..85ffea567160a985f7b4301d5f92af4f8c4c58a1 100644
--- a/fuzzer/Fuzzer.java
+++ b/fuzzer/Fuzzer.java
@@ -30,9 +30,7 @@ public class Fuzzer {
             /*pw.println("MOV R1 65535");
             pw.println("LDR R0 R1 0");*/
             
-            pw.println("MOV R1 1");
-            pw.println("LDR R0 R1 65535");
-            pw.println("RET R0");
+            pw.println("RET R-1");
            
            
             /*pw.print("RET R0");
diff --git a/src/machine-vuln3.c b/src/machine-vuln3.c
index c2da3d6c9743e2ba57d5589a4ae6c433abb9aa6a..cdad31ece6b49af8a8ab3bc4f3f205d7cc53d4dc 100644
--- a/src/machine-vuln3.c
+++ b/src/machine-vuln3.c
@@ -40,7 +40,7 @@ const char INSTRUCTION_JZ[] = "jz";
 #define NUM_REGS       32
 #define MAX_REG        (NUM_REGS-1)
 #define MEMORY_SIZE    65536              /* 4 x as much memory as a 64 */
-#define MAX_ADDR       (MEMORY_SIZE)
+#define MAX_ADDR       (MEMORY_SIZE-1)
 
 
 /* we force building with -fwrapv to ensure that signed overflow is defined
@@ -126,7 +126,7 @@ static void do_move(unsigned int rd, int32_t val){
   regs[rd] = val;
 }
 
-#define valid_reg(reg) (reg >= 0 && reg <= MAX_REG)
+#define valid_reg(reg) (reg <= MAX_REG)
 
 
 /* returns 0 on success, nonzero on failure. puts register number into
diff --git a/src/pocs/poc3.s b/src/pocs/poc3.s
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..29f75bd4b674892ac28200902d10eabb9754721d 100644
--- a/src/pocs/poc3.s
+++ b/src/pocs/poc3.s
@@ -0,0 +1,3 @@
+ pw.println("MOV R1 1");
+ pw.println("LDR R0 R1 65535");
+ pw.println("RET R0");
\ No newline at end of file