Most of the debate seems to center around a split in what contract developers feel they have with their libraries. The camps are:
* If I send garbage to a function it should fail immediately (abort). The state of my program is undefined.
* If I send garbage to a function it should deal with it somehow (truncate & null pad). No library should ever abort, because that may make my program crash when the error was survivable.
* If I send garbage to a function it's my own fault and my code should check pre- and post-conditions (silently do whatever). If you fail to do this you will have buffer overflows and get pwned.
I like how glib handles this (G_DISABLE_CHECKS and G_DISABLE_ASSERT). Normally function calls are made safe with g_assert and g_return_if_fail macros, but if you'd like to be unsafe (and slightly faster), you can disable them with compile-time options. By default you're safer security-wise, but you can remove the brakes if you desire.
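An added, self-contained illustration of the glib-style arrangement described above (example code, not glib's own and not from the original comment): a precondition macro that rejects bad arguments by default and compiles away under a `-DDISABLE_CHECKS` flag, standing in for `g_return_val_if_fail` and `G_DISABLE_CHECKS`. The macro name, the `safe_copy` function and the critical counter are assumptions made for this example; real glib logs through its own `g_critical` machinery instead.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for glib's g_return_val_if_fail: with checks enabled
 * (the default) a failed precondition is reported and the function returns
 * early; compiling with -DDISABLE_CHECKS removes the check entirely,
 * mirroring what G_DISABLE_CHECKS does for glib. Not glib's real macro. */
static int critical_count_value = 0;  /* number of precondition failures seen */

#ifdef DISABLE_CHECKS
#define RETURN_VAL_IF_FAIL(expr, val) do { } while (0)
#else
#define RETURN_VAL_IF_FAIL(expr, val)                                        \
    do {                                                                     \
        if (!(expr)) {                                                       \
            critical_count_value++;                                          \
            fprintf(stderr, "critical: %s: precondition `%s' failed\n",      \
                    __func__, #expr);                                        \
            return (val);                                                    \
        }                                                                    \
    } while (0)
#endif

/* Bounded string copy in the "truncate & NUL pad" style: copies at most
 * dst_size-1 bytes, always NUL-terminates, and returns strlen(src) so the
 * caller can detect truncation (the strlcpy convention). With checks on,
 * a NULL pointer or a zero-size buffer is rejected before memory is touched;
 * with checks off the caller is trusted to have validated its arguments. */
size_t safe_copy(char *dst, size_t dst_size, const char *src)
{
    RETURN_VAL_IF_FAIL(dst != NULL, 0);
    RETURN_VAL_IF_FAIL(src != NULL, 0);
    RETURN_VAL_IF_FAIL(dst_size > 0, 0);

    size_t len = strlen(src);
    size_t n = len < dst_size ? len : dst_size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len;
}

/* How many precondition failures the checks have reported so far. */
int critical_count(void)
{
    return critical_count_value;
}

int main(void)
{
    char buf[4];
    size_t needed = safe_copy(buf, sizeof buf, "hello");  /* truncated to "hel" */
    if (needed >= sizeof buf)
        printf("truncated: got \"%s\", needed %zu bytes\n", buf, needed + 1);

    safe_copy(NULL, sizeof buf, "x");  /* rejected by the check, not a crash */
    printf("precondition failures: %d\n", critical_count());
    return 0;
}
```

Build normally and the NULL call is caught and reported; build with `cc -DDISABLE_CHECKS` and the same call dereferences NULL, which is exactly the "remove the brakes" trade the comment describes.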