If there is no terminating zero within the 16 magic bytes, the buffer would be
over-read in the std::string constructor. Fixed by using the "from buffer"
variant of the constructor (that also takes a size) rather than the "from c-string"
variant.
This is a backport of core#20216