diff --git a/src/stub/src/arm.v4a-linux.elf-entry.S b/src/stub/src/arm.v4a-linux.elf-entry.S
index 464bebaa..653ceb7f 100644
--- a/src/stub/src/arm.v4a-linux.elf-entry.S
+++ b/src/stub/src/arm.v4a-linux.elf-entry.S
@@ -124,9 +124,9 @@ end_decompress: .globl end_decompress
         /* IDENTSTR goes here */
 
 section ELFMAINZ
-unfold:  // in: r3= mflg; lr= &O_BINFO
+unfold:  // in: r3= mflg; r6= elfaddr; lr= &O_BINFO
         str r3,[sp,#F_mflg]
-        mvn r10,r6; add r10,r10,#1  @ "neg r10,r6": -elfaddr
+        mov r10,#0; sub r10,r10,r6  @ "neg r10,r6": -elfaddr
         add r6,lr,#4  @ &b_info of folded code
         add r14,r6,r10  @ offset(b_info)
 
diff --git a/src/stub/src/arm.v4a-linux.elf-fold.S b/src/stub/src/arm.v4a-linux.elf-fold.S
index bbd38f7b..97103ebe 100644
--- a/src/stub/src/arm.v4a-linux.elf-fold.S
+++ b/src/stub/src/arm.v4a-linux.elf-fold.S
@@ -182,14 +182,15 @@ F_delta= 3*4
         str r0,[sp,#F_entry - F_delta]  @ entry address
 
 // Map 1 page of /proc/self/exe so that it does not disappear
-        mov r5,#0  @ SEEK_SET
-        ldr r4,[sp,#F_fd - F_delta]!  @ fd
+        ldr r4,[sp],#4  @ pop r4,F_fd
+        mov r5,#0  @ SEEK_SET offset
+        stmdb sp!,{r4,r5}  @ arg5,arg6 calling convention
         mov r3,#MAP_PRIVATE
         mov r2,#PROT_READ
         mov r1,#PAGE_SIZE
         mov r0,#0  @ any address
         bl mmap  @ no error check: cannot recover
-        ldr r0,[sp],#4  @ F_fd
+        ldmia sp!,{r0,r1}  @ fd, offset
         bl close
 
 #if DEBUG  //{