Nope. The bugs are in validation code added on top of deserialization; actual deserialization wouldn't have those issues.
Ah! I didn't realize that. Thank you.
reply