I was expecting this to be a flaw in SHA-3, the algorithm. Nope, it's a bug in the C implementation, that results from the fact that C provides no automatic bounds checking. Heartbleed was also the result of missing bounds checking.

The time spent fixing these sorts of bugs is astronomical, but it's entirely avoidable. Using safe languages that are written in themselves would allow us to spend far less time fixing these sorts of bugs. Moreover, those sort of languages are far more powerful and flexible than other languages.