I agree that safeintlib is not doing anything too interesting in this case but that's not really the point.&nbsp; The argument for it is that it becomes the central point of code to check for safe conversions and an indicator that the developer was thoughtful about this conversion and didn't just cast to avoid the compiler complaining.&nbsp; If everyone starts putting their own checks in place it leads to more code reviews, diversity in solutions, and opportunities for bugs.&nbsp; All that said those are soft reasons for the change and that is up to you.&nbsp;&nbsp;<br /><br />@Laszlo - On the ASSERT part, I have a different view point and am more curious about yours.&nbsp; For release builds, I don't want to see CpuDeadLoops anywhere unless I am ok with the device being returned/refunded.&nbsp; Our error path would be to exit the function with an error code and potentially log a ReportStatusCode.&nbsp; &nbsp;I don't think you should continue in an invalid state as that just makes resolving the bug much much harder.&nbsp; &nbsp; Given that the system can boot to at least a menu without this driver, it seems that failing out of the function would provide a better "RELEASE" experience.&nbsp; <br /><br />Finally, given that this is contained in OVMF I am fine with whatever makes the most sense for your platform and usecase.<br /><br />Thanks<br />Sean