fb50a1cca3a117bb964c43196671142484b13bf9
braney
  Fri Jun 12 12:10:47 2026 -0700
lib jkOwnLib hg/lib: fix warnings exposed by -O3 build

At -O3 GCC does more inlining and interprocedural range analysis, which
surfaces several warnings that -O -g never triggered.  With -Werror these
break the build, so fix them ahead of switching the default to -O3.

- bamFile.c: move setenv() into the else of its NULL guard so it is not
reachable with a NULL argument (-Wnonnull, seen via inlining of bamFetch).
- basicBed.c, wormdna.c, bedDetail.c, customFactory.c, hdb.c, qaSeq.c:
replace strncpy() with safecpy() where the result must be terminated
(-Wstringop-truncation).
- htmshell.c: use memcpy() for the intentional exact-length, non-terminated
copy (-Wstringop-truncation).
- obscure.c: compute the comma groups in sprintLongWithCommas() with % 1000
so the compiler can see each %03lld argument is bounded (-Wformat-overflow).
- crudeali.c: do the endian type-pun through a union so strict-aliasing
analysis no longer reports the value as uninitialized (-Wuninitialized).
- jksql.c: wrap a possibly-NULL database name in naForNull() before passing
it to %s (-Wformat-overflow).

refs #37761

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

diff --git src/lib/htmshell.c src/lib/htmshell.c
index 90547420d11..a49d33bbe2d 100644
--- src/lib/htmshell.c
+++ src/lib/htmshell.c
@@ -308,31 +308,31 @@
     if (c == '<') { size = 4; newString = "&lt;" ; } // '<' open  of tag
     if (c == '/')  { size = 6; newString = "&#x2F;"; } // forward slash helps end an HTML entity
     if (c == '"')  { size = 6; newString = "&quot;"; } // double quote
     if (c == '\'') { size = 5; newString = "&#39;" ; } // single quote
     if (out)
 	{
 	if (outSize > 0 && (total+size+1) > outSize) // 1 for terminator
 	    {
 	    *out = 0;
 	    return -1;
 	    }
 	if (size == 1)
 	    *out++ = c;
 	else
 	    {
-	    strncpy(out, newString, size);
+	    memcpy(out, newString, size);
 	    out += size;
 	    }
 	}
     total += size;
     } while (c != 0);
 return total - 1; // do not count terminating 0
 }
 
 int htmlEncodeTextSize(char *s)
 /* Returns what the encoded size will be after replacing characters with html codes or entities. */
 {
 return htmlEncodeTextExtended(s, NULL, 0);
 }