slirp_fmt() always nul-terminate

Since snprintf() always nul-terminate.

The return value is the number of business bytes that would be produced if the buffer was large enough.

If it returns N for a N size buffer, it means truncation occurred (and we lost one business byte).

At the minimum we should change the warning condition:

diff --git a/src/util.c b/src/util.c
index 570c53f..d3ed5fa 100644
--- a/src/util.c
+++ b/src/util.c
@@ -392,7 +392,7 @@ int slirp_fmt(char *str, size_t size, const char *format, ...)
     rv = slirp_vsnprintf(str, size, format, args);
     va_end(args);
 
-    if (rv > size) {
+    if (rv >= size) {
         g_critical("slirp_fmt() truncation");
     }

And we could implement a "better" version of slirp_fmt() which does really skip/optional 0-ending.

Even better would be to get rid of slirp_fmt()...