diff --git a/sys/dev/usb/usb_subr.c b/sys/dev/usb/usb_subr.c
index cdea5808998f..02ae473a3105 100644
--- a/sys/dev/usb/usb_subr.c
+++ b/sys/dev/usb/usb_subr.c
@@ -556,11 +556,11 @@ usbd_fill_iface_data(struct usbd_device *dev, int ifaceidx, int altidx)
 #define ed ((usb_endpoint_descriptor_t *)p)
 for (endpt = 0; endpt < nendpt; endpt++) {
 DPRINTFN(10, "endpt=%jd", endpt, 0, 0, 0);
- for (; p < end; p += ed->bLength) {
+ for (; p <= end - sizeof(*ed); p += ed->bLength) {
 DPRINTFN(10, "p=%#jx end=%#jx len=%jd type=%jd",
 (uintptr_t)p, (uintptr_t)end, ed->bLength,
 ed->bDescriptorType);
- if (p + ed->bLength <= end &&
+ if (end - p >= ed->bLength &&
 ed->bLength >= USB_ENDPOINT_DESCRIPTOR_SIZE &&
 ed->bDescriptorType == UDESC_ENDPOINT)
 goto found;
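Review bot: The new loop bound `p <= end - sizeof(*ed)` forms a pointer `sizeof(*ed)` bytes before `end`, which lands in front of the buffer (undefined behaviour, and a possible wrap at a low address) whenever the region bounded by `end` is shorter than one endpoint descriptor; whether an earlier length check rules that out is not visible in this hunk. The rewritten `if` a few lines further down already uses the difference form, so the loop could match it: `for (; end - p >= (ptrdiff_t)sizeof(*ed); p += ed->bLength) {`. The cast keeps the comparison signed, so a `p` that has stepped past `end` on an oversized `bLength` read from the descriptor still ends the loop instead of converting to a huge unsigned value. The step itself trusts `ed->bLength`, and no rejection of a zero length appears in these lines, though the loop body and the rest of usbd_fill_iface_data continue outside the hunk.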