This is much more interesting than all of this soap opera about Theo.
What we see in this commit, regression, and vuln is that the X server is an enormous setuid program with tons of code and zero tests. The "fix" also does not contain any tests that could have detected the problem, so it's just a continuation of what is now a quarter-century of bad software engineering practices.
X was built on false assumptions of what the future would look like (dumb terminals). The whole thing is a massive hack around its server/client architecture - which does not work well with modern graphics hardware.
It’s no small part of why Linux has failed on the desktop.
In short, lack of tests are the least of its problems.
What we see in this commit, regression, and vuln is that the X server is an enormous setuid program with tons of code and zero tests. The "fix" also does not contain any tests that could have detected the problem, so it's just a continuation of what is now a quarter-century of bad software engineering practices.