This class of bugs, a “small overrunning read that doesn’t get used”, was found in some wireless ioctl system calls.
The bug was apparently introduced in Linux 2.1.15, released December 12, 1996. It’s interesting that it wasn’t found and fixed until now. I guess not many programs use these ioctls, and those that do probably use buffers that are always followed by at least eight more bytes of data, e.g. any buffer on the stack.