Was Heartbleed a fuzzing success or failure?
3 points by zurn on April 11, 2014
Presumably both Google and Codenomicon found this by fuzzing. They're probably pretty good at it.

So this critical part of net infrastructure software was getting so little fuzzing attention from third parties that it went undiscovered for 2 years. Even though this bug was trivial to trigger.

I'll argue that fuzzing is a laborious but only semi-effective way to mitigate bugs made catastrophic by use of memory-unsafe languages. In the larger scheme of things it does more harm than good, by delaying a real solution.




