diff --git a/decode.go b/decode.go
index 43da069..812a590 100644
--- a/decode.go
+++ b/decode.go
@@ -238,6 +238,9 @@ func (d *Decoder) decodeString(v reflect.Value) error {
 	if err != nil {
 		return err
 	}
+	if l < 0 {
+		return fmt.Errorf("invalid negative string length: %d", l)
+	}
 
 	//read exactly l bytes out and make our string
 	buf := make([]byte, l)
diff --git a/decode_test.go b/decode_test.go
index 756f032..a83d154 100644
--- a/decode_test.go
+++ b/decode_test.go
@@ -79,6 +79,7 @@ func TestDecode(t *testing.T) {
 		{`di5ei2ee`, new(interface{}), nil, true},
 		{`d3:fooe`, new(interface{}), nil, true},
 		{`l3:foo3:bar`, new(interface{}), nil, true},
+		{`d3:000d3:000ld-6:`, new(interface{}), nil, true},
 	}
 
 	for i, tt := range decodeCases {