From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 14 Feb 2022 16:26:10 +0000
Subject: PR/310: p870613: Don't use strlcpy to copy the string, it will try to
 scan the source string to find out how much space is needed the source string
 might not be NUL terminated.
Origin: https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502
Bug: https://bugs.astron.com/view.php?id=310
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-48554

---
 src/funcs.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

--- a/src/funcs.c
+++ b/src/funcs.c
@@ -51,9 +51,12 @@
 protected char *
 file_copystr(char *buf, size_t blen, size_t width, const char *str)
 {
-	if (++width > blen)
-		width = blen;
-	strlcpy(buf, str, width);
+	if (blen == 0)
+		return buf;
+	if (width >= blen)
+		width = blen - 1;
+	memcpy(buf, str, width);
+	buf[width] = '\0';
 	return buf;
 }