diff --git a/weed/s3api/chunked_reader_v4.go b/weed/s3api/chunked_reader_v4.go
index 39d8336f0..c21b57009 100644
--- a/weed/s3api/chunked_reader_v4.go
+++ b/weed/s3api/chunked_reader_v4.go
@@ -369,7 +369,6 @@ func (cr *s3ChunkedReader) Read(buf []byte) (n int, err error) {
 			// If we're at the end of a chunk.
 			if cr.n == 0 {
 				cr.state = readChunkTrailer
-				continue
 			}
 		case verifyChunk:
 			// Check if we have credentials for signature verification
diff --git a/weed/s3api/chunked_reader_v4_test.go b/weed/s3api/chunked_reader_v4_test.go
index c9bad1d8a..b797bf340 100644
--- a/weed/s3api/chunked_reader_v4_test.go
+++ b/weed/s3api/chunked_reader_v4_test.go
@@ -285,7 +285,16 @@ func TestSignedStreamingUploadInvalidSignature(t *testing.T) {
 
 	// Build the chunked payload with INTENTIONALLY WRONG chunk signature
 	// We'll use a modified signature to simulate a tampered request
-	wrongChunkSignature := strings.Replace(chunk1Signature, "a", "b", 1)
+	wrongChunkSignatureBytes := []byte(chunk1Signature)
+	if len(wrongChunkSignatureBytes) > 0 {
+		// Flip the first hex character to guarantee a different signature
+		if wrongChunkSignatureBytes[0] == '0' {
+			wrongChunkSignatureBytes[0] = '1'
+		} else {
+			wrongChunkSignatureBytes[0] = '0'
+		}
+	}
+	wrongChunkSignature := string(wrongChunkSignatureBytes)
 	payload := fmt.Sprintf("400;chunk-signature=%s\r\n%s\r\n", wrongChunkSignature, chunk1Data) +
 		fmt.Sprintf("0;chunk-signature=%s\r\n\r\n", finalSignature)