Null Truncation Differential

Two consumers read the same input buffer with different string-length conventions. A security gate uses C-string semantics and stops at the first NULL byte, validating only the prefix; a downstream sink uses length-prefixed byte-buffer semantics and consumes the NULL and everything after it. The bytes are identical. The length the two readers infer is not. The buffer the gate approved is not the buffer the sink acted on.