[openssl-dev] [openssl.org #4094] Nonsensical pointer comparison in PACKET_buf_init

Salz, Rich rsalz at akamai.com
Thu Oct 15 13:35:28 UTC 2015


> PACKET_buf_init. This code can assume that |len| is from a trusted source.
> 
> The purpose of the sanity check is not then for security, but to guard against
> programmer error. For a correctly functioning program this test should never
> fail.

I would say that the combination of these two things means that it should be an assert.

