If they just keep reusing a buffer and forget to clear it in between requests there is nothing automated that would find it.
Bounds checking languages would not help either - they would only work if they delete and reallocate the buffer on each request, since that's slow it's unlikely anyone would do that.
They probably wouldn't even clear the buffer, instead they rely on keeping track of the length of data in it, so any errors in there would be a problem.
Yea but... seems like a quick run of valgrind would have caught this
Personally, I've never had an experience with valgrind that could be reasonably characterized as "quick". But YMMV.
Not necessarily.
If they just keep reusing a buffer and forget to clear it in between requests there is nothing automated that would find it.
Bounds checking languages would not help either - they would only work if they delete and reallocate the buffer on each request, since that's slow it's unlikely anyone would do that.
They probably wouldn't even clear the buffer, instead they rely on keeping track of the length of data in it, so any errors in there would be a problem.
If they used asan/msan and its support for manually marking regions of memory as invalid/uninitialized, that could have caught such cases too.