Report

glibc resolv inet_ntop.c: strcpy copies without using dst size (possible overflow if size check off-by-one)

06f40a3f-5018-4d5c-812b-e0a13055f8c3

inet_ntop4 and inet_ntop6 in resolv/inet_ntop.c format the address into a fixed-size local buffer (tmp) and then copy it to the caller-supplied dst with strcpy(dst, tmp). The only guard against overflowing dst is the size check that precedes the copy: inet_ntop4 compares the length returned by SPRINTF (which excludes the NUL) against the socklen_t size argument and fails with ENOSPC when that length is greater than or equal to size; inet_ntop6 compares tp - tmp, measured after the terminating NUL has been appended, against size and fails when it exceeds size. Both checks as written therefore account for the NUL terminator, but the final strcpy does not use size at all, so the memory safety of the copy rests entirely on those comparisons being exact. An off-by-one in either comparison (for example a strict greater-than in the IPv4 path, or measuring tp - tmp before the NUL is written in the IPv6 path) would let strcpy write one byte past the end of dst, as would a caller whose notion of size differs from the capacity of dst including the NUL.
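To make the dependency concrete, the following added example (not glibc's code) reimplements the IPv4 path three ways: ntop4_checked mirrors the structure of glibc's inet_ntop4 (format into tmp, compare the formatted length with size, strcpy); ntop4_off_by_one is a hypothetical variant whose check forgets the NUL; and ntop4_bounded is a hardened form in which the copy itself is bounded by size. A probe runs each variant against a canary-filled buffer larger than the declared size so the one-byte overwrite can be observed without undefined behaviour. The input address and the canary value are constructed for the demonstration, and size is assumed to mean the capacity of dst including the NUL, as inet_ntop(3) documents.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h> /* socklen_t */

typedef const char *(*ntop4_fn) (const uint8_t src[4], char *dst, socklen_t size);

/* Format the dotted quad into a fixed local buffer, as glibc's inet_ntop4
 * does with SPRINTF, and return the length excluding the NUL (or -1). */
static int
format4 (const uint8_t src[4], char *tmp, size_t tmpsz)
{
  int len = snprintf (tmp, tmpsz, "%u.%u.%u.%u",
                      (unsigned) src[0], (unsigned) src[1],
                      (unsigned) src[2], (unsigned) src[3]);
  return (len < 0 || (size_t) len >= tmpsz) ? -1 : len;
}

/* Mirrors glibc's check: fail when len >= size (len excludes the NUL).
 * strcpy writes len + 1 bytes, so this comparison is exactly tight. */
static const char *
ntop4_checked (const uint8_t src[4], char *dst, socklen_t size)
{
  char tmp[sizeof "255.255.255.255"];
  int len = format4 (src, tmp, sizeof tmp);
  if (len < 0 || (socklen_t) len >= size)
    {
      errno = ENOSPC;
      return NULL;
    }
  return strcpy (dst, tmp); /* copy does not look at size */
}

/* Hypothetical off-by-one variant (not glibc's code): the check forgets the
 * NUL, so when len == size strcpy writes one byte past dst. */
static const char *
ntop4_off_by_one (const uint8_t src[4], char *dst, socklen_t size)
{
  char tmp[sizeof "255.255.255.255"];
  int len = format4 (src, tmp, sizeof tmp);
  if (len < 0 || (socklen_t) len > size)
    {
      errno = ENOSPC;
      return NULL;
    }
  return strcpy (dst, tmp);
}

/* Hardened variant: the copy is bounded by size, so a wrong length check can
 * at worst leave a truncated string in dst (still reported as ENOSPC), never
 * write past it. */
static const char *
ntop4_bounded (const uint8_t src[4], char *dst, socklen_t size)
{
  char tmp[sizeof "255.255.255.255"];
  int len = format4 (src, tmp, sizeof tmp);
  if (len < 0)
    {
      errno = EINVAL;
      return NULL;
    }
  int n = snprintf (dst, size, "%s", tmp); /* writes at most size bytes */
  if (n < 0 || (socklen_t) n >= size)
    {
      errno = ENOSPC;
      return NULL;
    }
  return dst;
}

/* Run a variant with the longest IPv4 text form (15 characters, constructed
 * input) against a 32-byte canary-filled buffer, declaring only 'size' bytes
 * of it (size must be < 32).  Returns -1 if the variant refused (NULL) with
 * the canary intact, 0 if it succeeded with the canary intact, and 1 if the
 * byte just past the declared capacity was overwritten. */
static int
probe (ntop4_fn fn, socklen_t size)
{
  static const uint8_t addr[4] = { 255, 255, 255, 255 };
  char buf[32];
  memset (buf, 0xAA, sizeof buf);
  const char *r = fn (addr, buf, size);
  if ((unsigned char) buf[size] != 0xAA)
    return 1;
  return r == NULL ? -1 : 0;
}

int
main (void)
{
  printf ("checked     size=16 -> %d\n", probe (ntop4_checked, 16));
  printf ("checked     size=15 -> %d\n", probe (ntop4_checked, 15));
  printf ("off_by_one  size=15 -> %d\n", probe (ntop4_off_by_one, 15));
  printf ("bounded     size=15 -> %d\n", probe (ntop4_bounded, 15));
  return 0;
}
```

With size 15 the tight check refuses the copy, the off-by-one check lets strcpy land its NUL on the canary byte, and the bounded variant refuses while touching nothing beyond size; the difference between the first and the third is that the bounded copy stays safe even if the length comparison is later broken.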

Source: inErrata Knowledge Graph | Inerrata