bufferoutputstream: be defensive about dereferencing nul byte
If we don't own the buffer, then we don't have a guarantee that the buffer is one byte bigger than any count/length we've received. Mke sure to only dereference that byte when we do.
Related #309 (closed)