

Use of Assertions - signa11
http://blog.regehr.org/archives/1091

======
tlb
One gotcha it doesn't mention: don't rely on assertions for security-critical
input checks. I sometimes see this sort of thing:

    
    
        char buf[200];
        assert(foo_len < 200);
        memcpy(buf, foo, foo_len);
    

But if asserts get turned off in a release build, it's suddenly vulnerable to
buffer overflow attacks.

------
15DCFA8F
Python assert checking is removed when the code is run with python -O
("optimize"), so it shouldn't be used to validate user input, checking for
critical conditions, etc. It is just a defensive programming and debugging
tool.

