There is an ASSERT on a runtime condition that should be a dynamic check.
There is also reported a weakness with buffer length. Currently cannot simulate an attack service there, but beafing up the code anyway.