Programmers just use the wrong tool for the job - arguably because strncpy is poorly named. strncpy is intended for filling zero-padded fixed-size strings, not copying normal single-zero-terminated strings.
I think the main benefit of adding functions like reallocarray is that they make the right tool for the job available by default. Plain realloc for array resizing is a timebomb in the same way as strncpy for normal strings - it will work (by accident) until it doesn't, and when it fails, it's likely to be an exploitable security hole.
I think the main benefit of adding functions like reallocarray is that they make the right tool for the job available by default. Plain realloc for array resizing is a timebomb in the same way as strncpy for normal strings - it will work (by accident) until it doesn't, and when it fails, it's likely to be an exploitable security hole.