The maximum length allowed (and without overflow) depends on the queueno in the switch statement. I don't know the exact format of the inputs, but there could be a universal and stricter length restriction in the protocol It is possible to fix the problem at the previous check you propose, we just need to add input parsing for length and queueno there. The code here seems prone to overflow, since function arguments only include a single buffer pointer without a remaining byte count. Moreover, some of the lengths are dynamic and encoded in the buffer. For this reason, I think it's easier and more maintainable to add the check after existing parsing code and before read/write the buffer.
