Fix another oobread segfault in the NE bin parser ##crash

* Reported by @Han0nly via huntr.dev
* Reproducers: sample1 sample2 sample3
* BountyID: 47422cdf-aad2-4405-a6a1-6f63a3a93200

libr/bin/format/ne/ne.c

@@ -374,6 +374,9 @@ RList *r_bin_ne_get_entrypoints(r_bin_ne_obj_t *bin) {
 	}
 	int off = 0;
 	while (off < bin->ne_header->EntryTableLength) {
+		if (bin->entry_table + off + 32 >= r_buf_size (bin->buf)) {
+			break;
+		}
 		ut8 bundle_length = *(ut8 *)(bin->entry_table + off);
 		if (!bundle_length) {
 			break;
@@ -398,7 +401,9 @@ RList *r_bin_ne_get_entrypoints(r_bin_ne_obj_t *bin) {
 				ut8 segnum = *(bin->entry_table + off);
 				off++;
 				ut16 segoff = *(ut16 *)(bin->entry_table + off);
-				entry->paddr = (ut64)bin->segment_entries[segnum - 1].offset * bin->alignment + segoff;
+				if (segnum > 0) {
+					entry->paddr = (ut64)bin->segment_entries[segnum - 1].offset * bin->alignment + segoff;
+				}
 			} else { // Fixed
 				entry->paddr = (ut64)bin->segment_entries[bundle_type - 1].offset * bin->alignment + *(ut16 *)(bin->entry_table + off);
 			}