Ragel itself may not be at fault, but it is the case that if it were generating code in a memory-safe language rather than C (including Rust code sans the `unsafe` keyword), then improper use of Ragel wouldn't be capable of dumping random memory contents, which is what cloudbleed exhibited.
Ragel can emit lots of different kinds of code, Ruby included, so to blame the tool here is mistaken. It's blaming how the tool was configured and used.
Emitting Rust might not be a bad idea, but I bet this code-base pre-dates Rust being a viable target.
When the option arises, it is nice to run the test vectors against the diversity of generated output, C, Ruby, Etc. One of those backends could have very well alerted on the error.
Although Ragel can emit a variety of code, it's non-trivial to rework your own code that's a part of that from C to Ruby or Rust or whatever. You'd basically have to implement the same thing N times.
ANTLR has the same problem. Where any non-trivial grammar will require embedded code, forking it away from ever being supported by more than one backend.
It might be nice to have Lua or a Scheme embedded in the generator platform so that, one can truly target multiple backends.
