CVE:  CVE-2022-48554
Upstream-Status: Backport [ https://github.com/file/file/commit/497aabb29cd08d2a5aeb63e45798d65fcbe03502 ]
Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>

From 497aabb29cd08d2a5aeb63e45798d65fcbe03502 Mon Sep 17 00:00:00 2001
From: Christos Zoulas <christos@zoulas.com>
Date: Mon, 14 Feb 2022 16:26:10 +0000
Subject: [PATCH] PR/310: p870613: Don't use strlcpy to copy the string, it
 will try to scan the source string to find out how much space is needed the
 source string might not be NUL terminated.

---
 src/funcs.c | 11 +++++++----
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/funcs.c b/src/funcs.c
index 89e1da597..dcfd352d2 100644
--- a/src/funcs.c
+++ b/src/funcs.c
@@ -54,9 +54,12 @@ FILE_RCSID("@(#)$File: funcs.c,v 1.124 2022/01/10 14:15:08 christos Exp $")
 protected char *
 file_copystr(char *buf, size_t blen, size_t width, const char *str)
 {
-	if (++width > blen)
-		width = blen;
-	strlcpy(buf, str, width);
+	if (blen == 0)
+		return buf;
+	if (width >= blen)
+		width = blen - 1;
+	memcpy(buf, str, width);
+	buf[width] = '\0';
 	return buf;
 }