'sz' is the size of the buffer; 'if (count < sz) buf[count++] = c;'
can fill the entire buffer, leaving count==sz, so buf[count] = '\0';
would be out of bounds.
Formatting was way off. Indentation these days should be multiples
of 4 spaces, never tabs.
cf7536b167