Comment by tiffanyh

2 years ago

Would a code analyzer have detected this bug?

(E.g. Valgrind, Flexelint, cppcheck, clang static analyzer, etc.)

If yes, then why aren't code analyzers used on all OpenBSD code submissions, given their stance on having correct code & security-focused?