Comment by daenney

Their old Ragel-based parser was affected. According to their post mortem both the old parser and the new cf-html one are compiled as nginx modules so I'd venture a guess that this is probably C/C++ code since afaik you can't extend nginx through modules written in Go.

> It turned out that the underlying bug that caused the memory leak had been present in our Ragel-based parser for many years but no memory was leaked because of the way the internal NGINX buffers were used. Introducing cf-html subtly changed the buffering which enabled the leakage even though there were no problems in cf-html itself.

https://blog.cloudflare.com/incident-report-on-memory-leak-c...

There's a section in that blog post titled "Root cause of the bug" that goes in further detail.