What about adding safer checked buffer types as part of the standard library? A fixed buffer for things of "up to this size" where it remembers how big the current thing is.

Seems like it would be a pretty easy problem to fix if you're not playing fast and loose.