gcc -Wstringop-overflow diagnosed this. On read error, we would return
-1, but not handle it, causing a zero size malloc of value, and then
we'd unconditionally write value[-1 + 1] = '\0'. This should be
harmless in terms of buffer overflow because we should get a minimum
non-zero size allocation from malloc, but it also effectively swallowed
the error.