strlcpy is a variant of strncpy that guarantees that the destination
string is always null-terminated.
A common security tip is to use it instead of strncpy, to avoid the edge case of unterminated strings.
What is missing from strlcpy is the following bit of functionality from strncpy:
"If src is less than len characters long, the remainder of dst is filled with '\0' characters."

So, in the following code:

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        char chararray[6];

        /* Fill all six bytes; strncpy adds no terminator when src fills dst. */
        strncpy(chararray, "abcdef", sizeof(chararray));
        /* Writes "abc" and a terminator; bytes 4 and 5 are not touched. */
        strlcpy(chararray, "abc", sizeof(chararray));
        printf("%c\n", chararray[5]);
        return 0;
    }

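"f" is printed, left over from the previous initialization: strlcpy wrote only "abc" and the terminator, so chararray[4] and chararray[5] still hold 'e' and 'f'.
Had there been no such initialization, we would be leaking uninitialized memory.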
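
An added example, not from the original page: a copy that keeps strlcpy's guaranteed termination and restores strncpy's zero fill, with a check that counts the bytes left over after the terminator. The names local_strlcpy (a stand-in with strlcpy semantics, so the code builds where libc lacks strlcpy), copy_zero_padded, stale_bytes and stale_after_reuse are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in with strlcpy semantics (hypothetical name). */
static size_t local_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size != 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';   /* bytes after the terminator are left untouched */
    }
    return srclen;
}

/* Hypothetical helper: strlcpy-style copy, then strncpy-style zero fill. */
static size_t copy_zero_padded(char *dst, const char *src, size_t size)
{
    size_t srclen = local_strlcpy(dst, src, size);
    if (srclen < size)
        memset(dst + srclen, 0, size - srclen);
    return srclen;       /* >= size means the source was truncated */
}

/* Count non-zero bytes after the first NUL: what writing out the whole
 * buffer (rather than the string) would expose. */
static size_t stale_bytes(const char *buf, size_t size)
{
    const char *nul = memchr(buf, '\0', size);
    size_t count = 0;
    for (const char *p = nul; p != NULL && p < buf + size; p++)
        count += (*p != '\0');
    return count;
}

/* The page's scenario: a 6-byte buffer holding "abcdef" is reused for "abc". */
static size_t stale_after_reuse(int zero_pad)
{
    char chararray[6];
    memcpy(chararray, "abcdef", sizeof(chararray));  /* previous contents */
    (zero_pad ? copy_zero_padded : local_strlcpy)(chararray, "abc", sizeof(chararray));
    return stale_bytes(chararray, sizeof(chararray));
}

int main(void)
{
    printf("strlcpy-style: %zu stale, zero-padded: %zu stale\n",
           stale_after_reuse(0), stale_after_reuse(1));
    return 0;
}
```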