I think that this is a good sign. I know everyone has been saying that OpenSSL code is terrible (can't say I have looked myself), but if this is the worst bug found since heartbleed then maybe it is better than it appears.
This isn't a bug found in a thorough audit of the entire OpenSSL code base. This is a bug that was discovered while trying to understand why applications using OpenSSL would run into trouble after disabling the code that made it impossible to detect Heartbleed with OpenBSD's malloc safety features.
