From caddf0a847f67763ea9f4024d9454baa6074635c Mon Sep 17 00:00:00 2001
From: Craig Edwards <craigedwards@brainbox.cc>
Date: Sun, 6 Oct 2024 08:39:22 +0000
Subject: [PATCH] remove C asserts

---
 src/dpp/dave/array_view.h                   |  1 -
 src/dpp/dave/codec_utils.cpp                | 26 ++++++-------------
 src/dpp/dave/encryptor.cpp                  |  6 +----
 src/dpp/dave/frame_processors.cpp           | 28 ++++-----------------
 src/dpp/dave/mls_key_ratchet.cpp            |  4 ---
 src/dpp/dave/persisted_key_pair.cpp         |  1 -
 src/dpp/dave/persisted_key_pair.h           |  1 -
 src/dpp/dave/persisted_key_pair_generic.cpp |  1 -
 8 files changed, 13 insertions(+), 55 deletions(-)

diff --git a/src/dpp/dave/array_view.h b/src/dpp/dave/array_view.h
index 883e3e27c3..4535776652 100755
--- a/src/dpp/dave/array_view.h
+++ b/src/dpp/dave/array_view.h
@@ -24,7 +24,6 @@
  ************************************************************************************/
 #pragma once
 
-#include <cassert>
 #include <vector>
 
 namespace dpp::dave {
diff --git a/src/dpp/dave/codec_utils.cpp b/src/dpp/dave/codec_utils.cpp
index e8cd21a0bc..6185f5c054 100755
--- a/src/dpp/dave/codec_utils.cpp
+++ b/src/dpp/dave/codec_utils.cpp
@@ -24,9 +24,9 @@
  ************************************************************************************/
 #include "codec_utils.h"
 
-#include <cassert>
 #include <limits>
 #include <optional>
+#include <dpp/exception.h>
 
 #include "logger.h"
 #include "leb128.h"
@@ -69,8 +69,7 @@ unencrypted_frame_header_size BytesCoveringH264PPS(const uint8_t* payload,
 			++payloadBitIndex;
 
 			if (zeroBitCount >= 32) {
-				assert(false && "Unexpectedly large exponential golomb encoded value");
-				return 0;
+				throw dpp::length_exception("Unexpectedly large exponential golomb encoded value");
 			}
 		}
 		else {
@@ -200,9 +199,7 @@ bool process_frame_h264(outbound_frame_processor& processor, array_view<const ui
 	// so we need to look at the first NAL units to determine how many bytes
 	// the packetizer/depacketizer will need into the payload
 	if (frame.size() < kH26XNaluShortStartSequenceSize + kH264NalUnitHeaderSize) {
-		assert(false && "H264 frame is too small to contain a NAL unit");
-		DISCORD_LOG(LS_WARNING) << "H264 frame is too small to contain a NAL unit";
-		return false;
+		throw dpp::length_exception("H264 frame is too small to contain a NAL unit");
 	}
 
 	auto naluIndexPair = FindNextH26XNaluIndex(frame.data(), frame.size());
@@ -263,9 +260,7 @@ bool process_frame_h265(outbound_frame_processor& processor, array_view<const ui
 	// so we need to look at the first NAL units to determine how many bytes
 	// the packetizer/depacketizer will need into the payload
 	if (frame.size() < kH26XNaluShortStartSequenceSize + kH265NalUnitHeaderSize) {
-		assert(false && "H265 frame is too small to contain a NAL unit");
-		DISCORD_LOG(LS_WARNING) << "H265 frame is too small to contain a NAL unit";
-		return false;
+		throw dpp::length_exception("H265 frame is too small to contain a NAL unit");
 	}
 
 	// look for NAL unit 3 or 4 byte start code
@@ -333,9 +328,7 @@ bool process_frame_av1(outbound_frame_processor& processor, array_view<const uin
 
 		if (i >= frame.size()) {
 			// Malformed frame
-			assert(false && "Malformed AV1 frame: header overflows frame");
-			DISCORD_LOG(LS_WARNING) << "Malformed AV1 frame: header overflows frame";
-			return false;
+			throw dpp::logic_exception("Malformed AV1 frame: header overflows frame");
 		}
 
 		size_t obuPayloadSize = 0;
@@ -346,9 +339,7 @@ bool process_frame_av1(outbound_frame_processor& processor, array_view<const uin
 			obuPayloadSize = read_leb128(ptr, frame.end());
 			if (!ptr) {
 				// Malformed frame
-				assert(false && "Malformed AV1 frame: invalid LEB128 size");
-				DISCORD_LOG(LS_WARNING) << "Malformed AV1 frame: invalid LEB128 size";
-				return false;
+				throw dpp::logic_exception("Malformed AV1 frame: invalid LEB128 size");
 			}
 			i += ptr - start;
 		}
@@ -361,9 +352,7 @@ bool process_frame_av1(outbound_frame_processor& processor, array_view<const uin
 
 		if (i + obuPayloadSize > frame.size()) {
 			// Malformed frame
-			assert(false && "Malformed AV1 frame: payload overflows frame");
-			DISCORD_LOG(LS_WARNING) << "Malformed AV1 frame: payload overflows frame";
-			return false;
+			throw dpp::logic_exception("Malformed AV1 frame: payload overflows frame");
 		}
 
 		i += obuPayloadSize;
@@ -415,7 +404,6 @@ bool validate_encrypted_frame(outbound_frame_processor& processor, array_view<ui
 		return true;
 	}
 
-	static_assert(kH26XNaluShortStartSequenceSize - 1 >= 0, "Padding will overflow!");
 	constexpr size_t Padding = kH26XNaluShortStartSequenceSize - 1;
 
 	const auto& unencryptedRanges = processor.get_unencrypted_ranges();
diff --git a/src/dpp/dave/encryptor.cpp b/src/dpp/dave/encryptor.cpp
index d73f971211..ce923b31ed 100755
--- a/src/dpp/dave/encryptor.cpp
+++ b/src/dpp/dave/encryptor.cpp
@@ -26,6 +26,7 @@
 #include <algorithm>
 #include <cstring>
 #include <bytes/bytes.h>
+#include <dpp/exception.h>
 #include "common.h"
 #include "cryptor_manager.h"
 #include "logger.h"
@@ -146,13 +147,11 @@ int encryptor::encrypt(media_type mediaType,
 		  std::max(stats_[mediaType].encrypt_max_attempts, (uint64_t)attempt);
 
 		if (!success) {
-			assert(false && "Failed to encrypt frame");
 			result = result_code::rc_encryption_failure;
 			break;
 		}
 
 		auto reconstructedFrameSize = frameProcessor->reconstruct_frame(encryptedFrame);
-		assert(reconstructedFrameSize == frameSize && "Failed to reconstruct frame");
 
 		auto nonceSize = leb128_size(truncatedNonce);
 
@@ -166,7 +165,6 @@ int encryptor::encrypt(media_type mediaType,
 		// write the nonce
 		auto res = write_leb128(truncatedNonce, truncatedNonceBuffer.begin());
 		if (res != nonceSize) {
-			assert(false && "Failed to write truncated nonce");
 			result = result_code::rc_encryption_failure;
 			break;
 		}
@@ -175,7 +173,6 @@ int encryptor::encrypt(media_type mediaType,
 		res = serialize_unencrypted_ranges(
 			unencryptedRanges, unencryptedRangesBuffer.begin(), unencryptedRangesBuffer.size());
 		if (res != unencryptedRangesSize) {
-			assert(false && "Failed to write unencrypted ranges");
 			result = result_code::rc_encryption_failure;
 			break;
 		}
@@ -197,7 +194,6 @@ int encryptor::encrypt(media_type mediaType,
 			break;
 		}
 		else if (attempt >= MAX_CIPHERTEXT_VALIDATION_RETRIES) {
-			assert(false && "Failed to validate encrypted section for codec");
 			result = result_code::rc_encryption_failure;
 			break;
 		}
diff --git a/src/dpp/dave/frame_processors.cpp b/src/dpp/dave/frame_processors.cpp
index eb31bf17f7..62a2d59262 100755
--- a/src/dpp/dave/frame_processors.cpp
+++ b/src/dpp/dave/frame_processors.cpp
@@ -23,11 +23,11 @@
  *
  ************************************************************************************/
 #include "frame_processors.h"
-#include <cassert>
 #include <limits>
 #include <optional>
 #include <memory>
 #include <cstring>
+#include <dpp/exception.h>
 #include "codec_utils.h"
 #include "logger.h"
 #include "array_view.h"
@@ -59,8 +59,6 @@ uint8_t unencrypted_ranges_size(const ranges& unencryptedRanges)
 		size += leb128_size(range.offset);
 		size += leb128_size(range.size);
 	}
-	assert(size <= std::numeric_limits<uint8_t>::max() &&
-		   "Unencrypted ranges size exceeds 255 bytes");
 	return static_cast<uint8_t>(size);
 }
 
@@ -73,7 +71,7 @@ uint8_t serialize_unencrypted_ranges(const ranges& unencryptedRanges,
 	for (const auto& range : unencryptedRanges) {
 		auto rangeSize = leb128_size(range.offset) + leb128_size(range.size);
 		if (rangeSize > static_cast<size_t>(end - writeAt)) {
-			assert(false && "Buffer is too small to serialize unencrypted ranges");
+			throw dpp::length_exception("Buffer is too small to serialize unencrypted ranges");
 			break;
 		}
 
@@ -149,16 +147,12 @@ size_t Reconstruct(ranges ranges,
 	size_t otherBytesIndex = 0;
 
 	const auto CopyRangeBytes = [&](size_t size) {
-		assert(rangeBytesIndex + size <= rangeBytes.size());
-		assert(frameIndex + size <= output.size());
-	std::memcpy(output.data() + frameIndex, rangeBytes.data() + rangeBytesIndex, size);
+		std::memcpy(output.data() + frameIndex, rangeBytes.data() + rangeBytesIndex, size);
 		rangeBytesIndex += size;
 		frameIndex += size;
 	};
 
 	const auto CopyOtherBytes = [&](size_t size) {
-		assert(otherBytesIndex + size <= otherBytes.size());
-		assert(frameIndex + size <= output.size());
 		std::memcpy(output.data() + frameIndex, otherBytes.data() + otherBytesIndex, size);
 		otherBytesIndex += size;
 		frameIndex += size;
@@ -176,10 +170,6 @@ size_t Reconstruct(ranges ranges,
 		CopyOtherBytes(otherBytes.size() - otherBytesIndex);
 	}
 
-	assert(rangeBytesIndex == rangeBytes.size());
-	assert(otherBytesIndex == otherBytes.size());
-	assert(frameIndex <= output.size());
-
 	return frameIndex;
 }
 
@@ -214,8 +204,6 @@ void inbound_frame_processor::parse_frame(array_view<const uint8_t> frame)
 	// Read the supplemental bytes size
 	supplemental_bytes_size supplementalBytesSize;
 	auto supplementalBytesSizeBuffer = magicMarkerBuffer - sizeof(supplemental_bytes_size);
-	assert(frame.begin() <= supplementalBytesSizeBuffer &&
-		   supplementalBytesSizeBuffer <= frame.end());
 	memcpy(&supplementalBytesSize, supplementalBytesSizeBuffer, sizeof(supplemental_bytes_size));
 
 	// Check the frame is large enough to contain the supplemental bytes
@@ -232,14 +220,12 @@ void inbound_frame_processor::parse_frame(array_view<const uint8_t> frame)
 	}
 
 	auto supplementalBytesBuffer = frame.end() - supplementalBytesSize;
-	assert(frame.begin() <= supplementalBytesBuffer && supplementalBytesBuffer <= frame.end());
 
 	// Read the tag
 	tag_ = make_array_view(supplementalBytesBuffer, AES_GCM_127_TRUNCATED_TAG_BYTES);
 
 	// Read the nonce
 	auto nonceBuffer = supplementalBytesBuffer + AES_GCM_127_TRUNCATED_TAG_BYTES;
-	assert(frame.begin() <= nonceBuffer && nonceBuffer <= frame.end());
 	auto readAt = nonceBuffer;
 	auto end = supplementalBytesSizeBuffer;
 	truncatedNonce_ = read_leb128(readAt, end);
@@ -249,7 +235,6 @@ void inbound_frame_processor::parse_frame(array_view<const uint8_t> frame)
 	}
 
 	// Read the unencrypted ranges
-	assert(nonceBuffer <= readAt && readAt <= end);
 	auto unencryptedRangesSize = end - readAt;
 	deserialize_unencrypted_ranges(readAt, unencryptedRangesSize, unencryptedRanges_);
 	if (readAt == nullptr) {
@@ -274,11 +259,9 @@ void inbound_frame_processor::parse_frame(array_view<const uint8_t> frame)
 	for (const auto& range : unencryptedRanges_) {
 		auto encryptedBytes = range.offset - frameIndex;
 		if (encryptedBytes > 0) {
-			assert(frameIndex + encryptedBytes <= frame.size());
-		add_ciphertext_bytes(frame.data() + frameIndex, encryptedBytes);
+			add_ciphertext_bytes(frame.data() + frameIndex, encryptedBytes);
 		}
 
-		assert(range.offset + range.size <= frame.size());
 		add_authenticated_bytes(frame.data() + range.offset, range.size);
 		frameIndex = range.offset + range.size;
 	}
@@ -360,8 +343,7 @@ void outbound_frame_processor::process_frame(array_view<const uint8_t> frame, co
 		success = codec_utils::process_frame_av1(*this, frame);
 		break;
 	default:
-		assert(false && "Unsupported codec for frame encryption");
-		break;
+		throw dpp::logic_exception("Unsupported codec for frame encryption");
 	}
 
 	if (!success) {
diff --git a/src/dpp/dave/mls_key_ratchet.cpp b/src/dpp/dave/mls_key_ratchet.cpp
index e0745f23bc..a30b46cefe 100755
--- a/src/dpp/dave/mls_key_ratchet.cpp
+++ b/src/dpp/dave/mls_key_ratchet.cpp
@@ -23,9 +23,6 @@
  *
  ************************************************************************************/
 #include "mls_key_ratchet.h"
-
-#include <cassert>
-
 #include "logger.h"
 
 namespace dpp::dave {
@@ -43,7 +40,6 @@ encryption_key mls_key_ratchet::get_key(key_generation generation) noexcept
 
 	try {
 		auto keyAndNonce = hashRatchet_.get(generation);
-		assert(keyAndNonce.key.size() >= AES_GCM_128_KEY_BYTES);
 		return std::move(keyAndNonce.key.as_vec());
 	}
 	catch (const std::exception& e) {
diff --git a/src/dpp/dave/persisted_key_pair.cpp b/src/dpp/dave/persisted_key_pair.cpp
index 6ca437e16e..12d2ee9b74 100755
--- a/src/dpp/dave/persisted_key_pair.cpp
+++ b/src/dpp/dave/persisted_key_pair.cpp
@@ -24,7 +24,6 @@
  ************************************************************************************/
 #include "persisted_key_pair.h"
 
-#include <cassert>
 #include <filesystem>
 #include <fstream>
 #include <sstream>
diff --git a/src/dpp/dave/persisted_key_pair.h b/src/dpp/dave/persisted_key_pair.h
index 91cb93b9da..5a396024c1 100755
--- a/src/dpp/dave/persisted_key_pair.h
+++ b/src/dpp/dave/persisted_key_pair.h
@@ -24,7 +24,6 @@
  ************************************************************************************/
 #pragma once
 
-#include <cassert>
 #include <filesystem>
 #include <fstream>
 #include <sstream>
diff --git a/src/dpp/dave/persisted_key_pair_generic.cpp b/src/dpp/dave/persisted_key_pair_generic.cpp
index f0b11b79ae..dc97f965ed 100755
--- a/src/dpp/dave/persisted_key_pair_generic.cpp
+++ b/src/dpp/dave/persisted_key_pair_generic.cpp
@@ -22,7 +22,6 @@
  * Copyright (c) 2024 Discord, Licensed under MIT
  *
  ************************************************************************************/
-#include <cassert>
 #include <filesystem>
 #include <fstream>
 #include <sstream>