cogman10 a day ago

This may just be me misremembering, but as I recall, the bug of Heartbleed was ultimately a very complex macro system which supported multiple very old architectures. The bug, IIRC, was the interaction between that old macro system and the new code which is what made it hard to recognize as a bug.

Part of the resolution to the problem, I believe, was that they ended up removing a fair number of unsupported platforms. It also ended up spawning alternatives to OpenSSL like BoringSSL, which tried to remove as much as possible to guard against this very bug.

mrguyorama a day ago

Maybe you are thinking of Shellshock.

https://en.wikipedia.org/wiki/Shellshock_(software_bug)

The bug was introduced into the code in 1989, and only found and exploited in 2014.