Harish, you're right, there is code that checks if the token is within the partitioner's range. I checked the history - it was added with
In my case, the token range was set up with version 0.7.6 (without that patch). The patch only checks on moves/bootstraps, so it went undetected.
So to reproduce the bug you would need to move a token outside the range with version < 1.0.4. Upgrading would not help recognizing the mistake.
You could call validate(token) in describeOwnership to give a hint in nodetool. But I don't think it's really necessary since that's only legacy support...