Comment 16 for bug 1611171

I don't see the security hole here. I agree the code looks suspicious but after reading the reasoning behind the original change, it looks sane to me. Can someone explain how this is even conceivably exploitable?