[rurban]

This technical report is nonsensical, and asks for continuation of widespread insecure practices. The authors (the glibc maintainer) should be removed from the committee for spreading such harm. He simply doesn't like secure practices, and continue to use sometimes checked calls. If he would have some technical competence he would implement the needed safety checks seperated into compile-time (no performance penalty) and runtime (when the compiler doesn't know). He only does the first, and leaves all the dynamic cases unchecked. But then he would stumble over the inability of gcc to properly handle compile-time expressions.

See eg. https://rurban.github.io/safeclib/doc/safec-3.5/index.html