A serious security bug... caused by no bounds checking.

[bearophile]

Marco Leise:

> hbtype = buffer[0]; // read type, ok
> // but this??? ugh!!!
> payload = bigEndianToHost(*cast(short*)buffer[1 .. 3].ptr);
> bp[0 .. payload] = buffer[3 .. 3+payload];
>
> The code becomes pretty messy in my eyes.

In most cases D allows you to find a way to write your code in a 
reasonably nice and reasonably safe way. You just have to be in 
the right mind frame.

Bye,
bearophile