Failure to validate size allows writing of an arbitrary byte after the structure.
Failure to validate otr->esdid allows reading and writing into following data members and up to 5719 bytes past the end of the versados_data_struct
Null pointer dereference in pass 1
Failure to validate dst_idx allows writing user-controlled 4-byte values to memory locations at user-controlled offsets from the contents array.
Created attachment 7856 [details]
Please could you try out the uploaded patch and let me know if it resolves the issues for you ?