Always use the actually read size as the offset instead of making
possibly invalid assumptions.

Addresses: CVE-2012-6618