There's nothing particularly scary about this system call.
To put this into perspective, dozens of calls with this sort of problem have been found in the
history of Linux. Dozens in Windows NT. Dozens in official AT&T branded Unix. The problem was
fixed and you're still using the relevant system calls.
There are tools that are supposed to look for this sort of problem in your OS, but of course
if you keep inventing system calls, someone has to update the tools to know about the new
system calls, and if there were people being that vigilant, you'd hope that at least two of
the three bugs that lead to this discussion would have been spotted before they got into the
Linus kernel tree.
What you're looking at here is boring human error. No interesting design lessons. No
fundamental principles that ought to be reconsidered (unless you consider the hilarious
proposals earlier in comments that Linux should be re-written in a dynamic type system where
the OS would spend all its time validating your input parameters and not getting any work