instr_disassemble_to_buffer() returns len+1 when buffer limit is hit

When instr_disassemble_to_buffer() runs out of space in the target buffer, it returns the buffer length including the final null character as the string length, rather than the length without the null as promised.

The description states:

/* Prints the instruction \p instr to the buffer \p buf.
 * Always null-terminates, and will not print more than \p bufsz characters,
 * which includes the final null character.
 * Returns the number of characters printed, not including the final null.
 */
size_t
instr_disassemble_to_buffer(void *drcontext, instr_t *instr, char *buf, size_t bufsz);

Since bufz includes the final null character, while the return value does not include the final null, the return value should be strictly less than bufz. But when disassembling long instructions into a short buffer, I consistently see bufz as the return value.

The final null is correctly added as the last character, but if I access the buffer using the returned value as the length, I get an extra null in these cases.