On Tue, 31 Mar 2026 at 11:32, Kees Cook <[email protected]> wrote:
>
> If the code was written perfectly, then there's no problem.

My point is that BUG_ON() DOES NOT SOLVE THE PROBLEM.

> The point is to make a type that still works with C and all the associated
> APIs (e.g. format strings, native arithmetic, etc) without creating the
> mess that Jakub, Peter, and others (correctly) balked at around accessors
> for doing function based math.

Has anybody tried to suggest that "use a label" model?

Because I 100% agree that the current overflow handling is pure
garbage, and doesn't allow the code to be used in any kind of sane
code.

But I think that's solvable with the "branch out on error to be
handled elsewhere" model.

Linus
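
Added example, not part of the message above and not kernel code: one possible reading of the "branch out on error to be handled elsewhere" model, sketched with the GCC/Clang overflow builtins. The macro names `add_or_goto`/`mul_or_goto` and the function `msg_alloc_size` are hypothetical, and the inputs are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers (not kernel API): do the arithmetic with the
 * GCC/Clang overflow builtins and branch to a caller-chosen label when
 * the result does not fit the destination type. */
#define add_or_goto(a, b, dst, label) \
	do { if (__builtin_add_overflow((a), (b), (dst))) goto label; } while (0)
#define mul_or_goto(a, b, dst, label) \
	do { if (__builtin_mul_overflow((a), (b), (dst))) goto label; } while (0)

/* Constructed example: size of a header followed by `count` records,
 * where `count` and `rec_len` come from an untrusted message. */
static int msg_alloc_size(uint32_t hdr_len, uint32_t count, uint32_t rec_len,
			  uint32_t *out)
{
	uint32_t body, total;

	mul_or_goto(count, rec_len, &body, overflow);
	add_or_goto(hdr_len, body, &total, overflow);
	*out = total;
	return 0;

overflow:
	/* The error is handled here, out of line: the caller gets an errno
	 * and the system keeps running, instead of a BUG_ON() halt or a
	 * silently wrapped size that leads to an undersized allocation. */
	return -EOVERFLOW;
}

int main(void)
{
	uint32_t size = 0;
	/* 0x10000 * 0x10000 does not fit in 32 bits and would wrap to 0. */
	int ret = msg_alloc_size(16, 0x10000, 0x10000, &size);

	printf("ret=%d size=%u\n", ret, size);
	return 0;
}
```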