diff --git a/quantum/xap/xap.c b/quantum/xap/xap.c
index 6222a091dc0..26f896b75ef 100644
--- a/quantum/xap/xap.c
+++ b/quantum/xap/xap.c
@@ -21,8 +21,12 @@
 #include "lighting_map.h"
 #include "config_blob_gz.h"
 bool get_config_blob_chunk(uint16_t offset, uint8_t *data, uint8_t data_len) {
-    if (offset + data_len > CONFIG_BLOB_GZ_LEN) {
-        data_len = CONFIG_BLOB_GZ_LEN - offset;
+    if (offset >= CONFIG_BLOB_GZ_LEN) {
+        return false;
+    }
+
+    if (offset + data_len >= CONFIG_BLOB_GZ_LEN) {
+        data_len = (CONFIG_BLOB_GZ_LEN - 1) - offset;
     }
 
     memcpy_P(data, &config_blob_gz[offset], data_len);
diff --git a/quantum/xap/xap_handlers.c b/quantum/xap/xap_handlers.c
index a16dbe34c5d..9277be00b75 100644
--- a/quantum/xap/xap_handlers.c
+++ b/quantum/xap/xap_handlers.c
@@ -71,7 +71,9 @@ bool xap_respond_get_config_blob_chunk(xap_token_t token, const void *data, size
     xap_route_qmk_config_blob_chunk_t ret = {0};
 
     bool get_config_blob_chunk(uint16_t offset, uint8_t * data, uint8_t data_len);
-    get_config_blob_chunk(offset, (uint8_t *)&ret, sizeof(ret));
+    if (!get_config_blob_chunk(offset, (uint8_t *)&ret, sizeof(ret))) {
+        return false;
+    }
 
     return xap_respond_data(token, &ret, sizeof(ret));
 }