strcpy.3: Fix example code for strncpy, which could pass an incorrect length

The example code currently passes `buflen - 1` to `strncpy`,
however the length parameter to `strncpy` is `size_t`, which is
unsigned.  This means that when `buflen` is zero, the cast of `-1`
to unsigned will result in passing `UINT_MAX` as the length.
Obviously, that would be incorrect and could cause `strncpy` to
write well beyond the buffer passed.

The easy solution is to wrap the whole code in the `buflen > 0`
check, rather then just the part of the code that applies the null
terminator.

Signed-off-by: Matthew Kilgore <mattkilgore12@gmail.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man3/strcpy.3 b/man3/strcpy.3
index 1596a95f59b974c331ce1af20071bc45ae6f0dfa..02f7bfaa1416d932e0554016f0db078312d26c16 100644 (file)
--- a/man3/strcpy.3
+++ b/man3/strcpy.3
@@ -166,9 +166,10 @@ you can force termination using something like the following:
 .PP
 .in +4n
 .EX
-strncpy(buf, str, buflen \- 1);
-if (buflen > 0)
+if (buflen > 0) {
+    strncpy(buf, str, buflen \- 1);
     buf[buflen \- 1]= \(aq\\0\(aq;
+}
 .EE
 .in
 .PP