Lift scope of buf[] to make it extend to a potential access via *basename

It can be assumed that the contents of the buffer was still allocated and
valid at the point of the out-of-scope access, so there was no security
issue in practice.

Reported by: Coverity Scan CID 1437697
MFC after: 3 days