While working on issues #396 and #401 I looked at a core dump from the cubetype test and noticed that strcpy() was called with pointers to overlapping buffers. From the core dump:
(lldb) frame select 8
frame #8: 0x000000010c32c582 ksh`nv_create(name="cc[0].len", root=0x00007fdcd7f00c30, flags=1441792, dp=0x00007ffee3955d28) at name.c:708
705 if (!dp->disc) copy = dp->nofree & 1;
706 if (*cp == '.') cp++;
707 while (1) {
-> 708 if (zerosub && !np) strcpy(sp, cp - 1);
709 zerosub = 0;
710 switch (c = *(unsigned char *)(sp = cp)) {
711 case '[': {
(lldb) p sp
(char *) $0 = 0x00007fdcd8003668 ".len"
(lldb) p cp
(char *) $1 = 0x00007fdcd8003669 "len"
Notice the address of the source buffer is just the destination buffer plus one. This bug occurs even with AST vmalloc rather than stdlib vmalloc. I simply hadn't bothered to investigate this failure before now.
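Added example, not from ksh or from the issue author: a defensive overlap check of the kind that would have flagged the strcpy() call in the core dump above, and a memmove-based in-place shift, which is defined for overlapping regions where strcpy() is not. All function names are hypothetical.

```c
/* Added example (not ksh code): detecting and avoiding overlapping strcpy(). */
#include <assert.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 if the byte ranges [dst, dst+len) and [src, src+len) share
 * any byte. Addresses are compared as integers so the check is well
 * defined even when the two pointers refer to different objects. */
int ranges_overlap(const void *dst, const void *src, size_t len)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    return d < s + len && s < d + len;
}

/* strcpy() replacement that refuses overlapping arguments instead of
 * silently invoking undefined behaviour. Returns 1 on success, 0 when
 * the copy was refused because the buffers overlap. */
int checked_strcpy(char *dst, const char *src)
{
    size_t n = strlen(src) + 1;          /* bytes strcpy() would write, incl. NUL */
    if (ranges_overlap(dst, src, n))
        return 0;
    memcpy(dst, src, n);
    return 1;
}

/* Drop the first character of s in place (e.g. ".len" -> "len") using
 * memmove(), which handles the one-byte overlap correctly.
 * Returns the new string length. */
size_t shift_left_one(char *s)
{
    size_t len = strlen(s);
    if (len == 0)
        return 0;
    memmove(s, s + 1, len);              /* len bytes includes the NUL */
    return len - 1;
}
```

Building with -fsanitize=address, or with a libc that asserts on overlapping strcpy() arguments, reports the same condition at run time without any source change.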