Comment 4 for bug 35933

Also, that patch doesn't do any buffer size checking on the string manipulation. Of course, fixing that is trivial, but unless this is specified in a standard somewhere, it's not likely to be accepted upstre