Suricata

C11 adds a suite of safe(r) buffer handle replacements for memset, memcpy, snprintf, etc. We should consider using these. This would require updates to many hundreds of call sites. Probably good to create our own wrappers, so we can instrument them to assist fuzzing as well.