diff --git a/extend/lbson/src/bson.h b/extend/lbson/src/bson.h
index 4249159a..d55f9485 100644
--- a/extend/lbson/src/bson.h
+++ b/extend/lbson/src/bson.h
@@ -205,6 +205,10 @@ namespace lbson {
                 if (!lua_isinteger(L, -2)) {
                     return bson_type::BSON_DOCUMENT;
                 }
+                size_t key = lua_tointeger(L, -2);
+                if (key <= 0 || key > raw_len) {
+                    return bson_type::BSON_DOCUMENT;
+                }
                 cur_len++;
                 lua_pop(L, 1);
             }
diff --git a/extend/ljson/src/ljson.h b/extend/ljson/src/ljson.h
index 4ad41863..771b4f57 100644
--- a/extend/ljson/src/ljson.h
+++ b/extend/ljson/src/ljson.h
@@ -62,6 +62,10 @@ namespace ljson {
                 if (!lua_isinteger(L, -2)) {
                     return false;
                 }
+                size_t key = lua_tointeger(L, -2);
+                if (key <= 0 || key > raw_len) {
+                    return false;
+                }
                 lua_pop(L, 1);
                 cur_len++;
             }
diff --git a/extend/luakit/include/lua_codec.h b/extend/luakit/include/lua_codec.h
index 78017b8f..39723e0e 100644
--- a/extend/luakit/include/lua_codec.h
+++ b/extend/luakit/include/lua_codec.h
@@ -56,6 +56,10 @@ namespace luakit {
             if (!lua_isinteger(L, -2)) {
                 return false;
             }
+            size_t key = lua_tointeger(L, -2);
+            if (key <= 0 || key > raw_len) {
+                return false;
+            }
             cur_len++;
             lua_pop(L, 1);
         }