What I mean is literally have an assert with incoming data as the parameter:
> assert(data_buf[4] < 8);
While your protocol might guarantee that data_buf[4] should always be a value less than 8, you don't use assert() to check it because it aborts the program if the check fails. The proper thing to do is a range check that returns an error for a protocol error (malformed data, etc.).
ZeroMQ literally called assert and any bad data coming in over the wire would cause your app to abort. Insane.
I literally meant the library would call assert() on incoming data. I am fairly certain that has been removed for a long time, but it can be hard to get past first impressions.
> assert(data_buf[4] < 8);
While your protocol might guarantee that data_buf[4] should always be a value less than 8, you don't use assert() to check it because it aborts the program if the check fails. The proper thing to do is a range check that returns an error for a protocol error (malformed data, etc.).
ZeroMQ literally called assert and any bad data coming in over the wire would cause your app to abort. Insane.
Here is an example bug report:
https://github.com/zeromq/libzmq/issues/186
Keep in mind this was a LONG time ago! So this is not an indictment of the current project!