As mitigation against malicious input, we should add a feature that caps how far in the buffer cstring parsing seeks for the terminating null; the cap can be a simple constant.