Or just use the openbsd tools and practices. strlcpy() and friends. Adding another layer won't make shitty brogrammers any better. People writing and using security software should have known better. But the code was so bad nobody wanted to look at it. Everyone failed, everyone. Including the OpenBSD project. On top of that, they purposely added their own memory allocation tools, thereby preventing the built in tools from finding the bugs. (exploit mitigation mitigation).
There's no evidence but man, come on, this was done on purpose.