diff -ru file-3.40-orig/apprentice.c file-3.40/apprentice.c
--- file-3.40-orig/apprentice.c 2003-05-20 14:01:38.000000000 +0300
+++ file-3.40/apprentice.c 2003-05-20 13:58:05.000000000 +0300
@@ -85,7 +85,7 @@
 static int apprentice_map(struct magic **, uint32_t *, const char *, int);
 static int apprentice_compile(struct magic **, uint32_t *, const char *, int);
-static int maxmagic = 0;
+static unsigned int maxmagic = 0;
 struct mlist mlist;
@@ -355,7 +355,7 @@
 }
 /* get offset, then skip over it */
- m->offset = (int) strtoul(l,&t,0);
+ m->offset = strtoul(l,&t,0);
 if (l == t)
 magwarn("offset %s invalid", l);
 l = t;
@@ -1027,8 +1027,8 @@
 return -1;
 }
- if (write(fd, *magicp, sizeof(struct magic) * *nmagicp)
- != sizeof(struct magic) * *nmagicp) {
+ if (write(fd, *magicp, sizeof(struct magic) * *nmagicp)
+ != (ssize_t)(sizeof(struct magic) * *nmagicp)) {
 (void)fprintf(stderr, "%s: error writing `%s' (%s)\n",
 progname, dbname, strerror(errno));
 return -1;
diff -ru file-3.40-orig/ascmagic.c file-3.40/ascmagic.c
--- file-3.40-orig/ascmagic.c 2003-02-08 20:33:53.000000000 +0200
+++ file-3.40/ascmagic.c 2003-05-20 12:55:24.000000000 +0300
@@ -111,6 +111,10 @@
 while (nbytes > 1 && buf[nbytes - 1] == '\0')
 nbytes--;
+ /* nbuf and ubuf relies on this */
+ if (nbytes > HOWMANY)
+ nbytes = HOWMANY;
+
 /*
 * Then try to determine whether it's any character code we can
 * identify. Each of these tests, if it succeeds, will leave
@@ -323,7 +327,7 @@
 static int
 ascmatch(const unsigned char *s, const unichar *us, int ulen)
 {
- size_t i;
+ int i;
 for (i = 0; i < ulen; i++) {
 if (s[i] != us[i])
diff -ru file-3.40-orig/compress.c file-3.40/compress.c
--- file-3.40-orig/compress.c 2003-05-20 14:01:38.000000000 +0300
+++ file-3.40/compress.c 2003-05-20 13:57:03.000000000 +0300
@@ -25,7 +25,7 @@
 static struct {
 const char *magic;
- int maglen;
+ unsigned int maglen;
 const char *const argv[3];
 int silent;
 } compr[] = {
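Review bot: The new `m->offset = strtoul(l,&t,0);` drops the cast but adds no range check, so with `offset` now a `uint32_t` an overflowing or out-of-range value from the magic file is silently truncated, and a negative literal such as `-4` is accepted by strtoul and stored as a huge positive offset instead of being reported. Since the magic database is parsed from files, set `errno = 0` before the call and warn when it fails: `errno = 0; v = strtoul(l, &t, 0); if (l == t || errno == ERANGE || v > UINT32_MAX) magwarn("offset %s invalid", l);` (the `UINT32_MAX` test only matters where `unsigned long` is wider than 32 bits). Whether negative offsets were meant to be legal in this version is not visible here; if they are not, rejecting a leading `-` explicitly is clearer than relying on the unsigned conversion. The enclosing parse function starts and ends outside this hunk.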
@@ -46,16 +46,16 @@
 static int swrite(int, const void *, size_t);
 static int sread(int, void *, size_t);
-static int uncompressbuf(int, const unsigned char *, unsigned char **, int);
+static size_t uncompressbuf(int, const unsigned char *, unsigned char **, size_t);
 #ifdef HAVE_LIBZ
-static int uncompressgzipped(const unsigned char *, unsigned char **, int);
+static size_t uncompressgzipped(const unsigned char *, unsigned char **, size_t);
 #endif
 int
-zmagic(const char *fname, unsigned char *buf, int nbytes)
+zmagic(const char *fname, unsigned char *buf, size_t nbytes)
 {
 unsigned char *newbuf;
- int newsize;
+ size_t newsize;
 int i;
 for (i = 0; i < ncompr; i++) {
@@ -156,7 +156,7 @@
 /*NOTREACHED*/
 }
- if (swrite(tfd, startbuf, nbytes) != nbytes)
+ if (swrite(tfd, startbuf, nbytes) != (ssize_t)nbytes)
 r = 1;
 else {
 while ((r = sread(fd, buf, sizeof(buf))) > 0)
@@ -202,29 +202,35 @@
 #define FNAME (1 << 3)
 #define FCOMMENT (1 << 4)
-static int
-uncompressgzipped(const unsigned char *old, unsigned char **newch, int n)
+static size_t
+uncompressgzipped(const unsigned char *old, unsigned char **newch, size_t n)
 {
 unsigned char flg = old[3];
- int data_start = 10;
+ unsigned int data_start = 10;
 z_stream z;
 int rc;
- if (flg & FEXTRA)
+ if (flg & FEXTRA) {
+ if (data_start+1 >= n)
+ return 0;
 data_start += 2 + old[data_start] + old[data_start + 1] * 256;
+ }
 if (flg & FNAME) {
- while(old[data_start])
+ while(data_start < n && old[data_start])
 data_start++;
 data_start++;
 }
 if(flg & FCOMMENT) {
- while(old[data_start])
+ while(data_start < n && old[data_start])
 data_start++;
 data_start++;
 }
 if(flg & FHCRC)
 data_start += 2;
+ if (data_start >= n)
+ return 0;
+
 if ((*newch = (unsigned char *)malloc(HOWMANY + 1)) == NULL) {
 return 0;
 }
@@ -259,9 +265,9 @@
 }
 #endif
-static int
+static size_t
 uncompressbuf(int method, const unsigned char *old, unsigned char **newch,
- int n)
+ size_t n)
 {
 int fdin[2], fdout[2];
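Review bot: `unsigned char flg = old[3];` is still read before any length check, and the added guards only begin at `data_start` (10), so a buffer of fewer than 10 bytes that matched the two-byte gzip magic has its flag byte read from beyond the data that was actually supplied before `if (data_start >= n) return 0;` rejects it (whether that lands outside the allocation depends on the caller, which is not shown). A minimum-header check at the top of the function, `if (n < 10) return 0;` placed before `flg` is read, closes that gap. Note also that after each `while (data_start < n && old[data_start])` loop the unconditional `data_start++` advances past `n` when no terminator was found, and the FEXTRA arithmetic can move `data_start` far beyond `n`; both are now caught only by the final `data_start >= n` test, which deserves a comment such as `/* data_start may have run past n above; this is the single bounds check */` so it is not "tidied away" later. The remainder of the function (the inflate setup) lies outside the hunk.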
@@ -307,7 +313,7 @@
 case 0: /* child */
 (void) close(fdout[0]);
 /*fprintf(stderr, "about to write %d bytes to pipe\n", n);*/
- if (swrite(fdin[1], old, n) != n) {
+ if (swrite(fdin[1], old, n) != (ssize_t)n) {
 exit(1);
 }
 exit(0);
diff -ru file-3.40-orig/file.c file-3.40/file.c
--- file-3.40-orig/file.c 2003-05-20 14:01:38.000000000 +0300
+++ file-3.40/file.c 2003-05-20 13:56:49.000000000 +0300
@@ -411,7 +411,7 @@
 static const char stdname[] = "standard input";
 unsigned char buf[HOWMANY+1]; /* one extra for terminating '\0' */
 struct stat sb;
- int nbytes = 0; /* number of bytes read from a datafile */
+ ssize_t nbytes = 0; /* number of bytes read from a datafile */
 char match = '\0';
 if (strcmp("-", inname) == 0) {
@@ -509,7 +509,7 @@
 int
-tryit(const char *fn, unsigned char *buf, int nb, int zfl)
+tryit(const char *fn, unsigned char *buf, size_t nb, int zfl)
 {
 /*
diff -ru file-3.40-orig/file.h file-3.40/file.h
--- file-3.40-orig/file.h 2003-05-20 14:01:38.000000000 +0300
+++ file-3.40/file.h 2003-05-20 14:09:26.000000000 +0300
@@ -104,8 +104,8 @@
 #define OPDIVIDE 7
 #define OPMODULO 8
 #define OPINVERSE 0x80
- int32_t offset; /* offset to magic number */
- int32_t in_offset; /* offset from indirection */
+ uint32_t offset; /* offset to magic number */
+ uint32_t in_offset; /* offset from indirection */
 union VALUETYPE {
 uint8_t b;
 uint16_t h;
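Review bot: Turning `offset` and `in_offset` into `uint32_t` changes the contract of the magic database without the header saying so: any entry whose offset was previously parsed as a negative number (a backward displacement) now becomes a very large positive value that the new bounds checks reject rather than resolve. That is the safe direction for the checks, but it is a behaviour change that the field comments should record, e.g. `/* offset to magic number; must be < buffer length, backward offsets unsupported */` on `offset` and the equivalent on `in_offset`. If mget still combines `in_offset` with a signed indirect value, confirm that arithmetic is done in an unsigned type so the result is range-checked rather than wrapped; that code is outside this hunk, as is the rest of `struct magic`.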
@@ -143,18 +143,18 @@
 extern int fsmagic(const char *, struct stat *);
 extern char *fmttime(long, int);
 extern int is_compress(const unsigned char *, int *);
-extern int is_tar(unsigned char *, int);
+extern int is_tar(unsigned char *, size_t);
 extern void magwarn(const char *, ...);
 extern void mdump(struct magic *);
 extern size_t mbswidth(const char *);
 extern void process(const char *, int);
 extern void showstr(FILE *, const char *, int);
-extern int softmagic(unsigned char *, int);
-extern int tryit(const char *, unsigned char *, int, int);
-extern int zmagic(const char *, unsigned char *, int);
+extern int softmagic(unsigned char *, size_t);
+extern int tryit(const char *, unsigned char *, size_t, int);
+extern int zmagic(const char *, unsigned char *, size_t);
 extern void ckfprintf(FILE *, const char *, ...);
 extern uint32_t signextend(struct magic *, unsigned int32);
-extern void tryelf(int, unsigned char *, int);
+extern void tryelf(int, unsigned char *, size_t);
 extern int pipe2file(int, void *, size_t);
diff -ru file-3.40-orig/fsmagic.c file-3.40/fsmagic.c
--- file-3.40-orig/fsmagic.c 2002-07-03 22:00:41.000000000 +0300
+++ file-3.40/fsmagic.c 2003-05-20 14:10:55.000000000 +0300
@@ -189,6 +189,10 @@
 tmp = buf; /* in current directory anyway */
 } else {
+ if (tmp-fn+1 > BUFSIZ) {
+ ckfprintf(stdout, "path too long: %s", fn);
+ return 1;
+ }
 strcpy (buf2, fn); /* take directory part */
 buf2[tmp-fn+1] = '\0';
 strcat (buf2, buf); /* plus (relative) symlink */
diff -ru file-3.40-orig/is_tar.c file-3.40/is_tar.c
--- file-3.40-orig/is_tar.c 2002-07-03 21:26:38.000000000 +0300
+++ file-3.40/is_tar.c 2003-05-20 13:46:03.000000000 +0300
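Review bot: The added `if (tmp-fn+1 > BUFSIZ)` guard bounds only the directory prefix, while the copies it is meant to protect write more than that: `strcpy (buf2, fn)` copies all of `fn` before it is truncated, and `strcat (buf2, buf)` appends the symlink target without checking that prefix plus target fit. Assuming `buf2` is `char buf2[BUFSIZ]` (its declaration is above the hunk), the guard is also off by one: with `tmp-fn+1 == BUFSIZ` it passes and `buf2[tmp-fn+1] = '\0'` writes one byte past the end. One bounded format replaces the three statements and checks the combined length; the function continues outside the hunk.
```c
		} else {
			/* directory part of fn plus the (relative) symlink target */
			if (snprintf(buf2, sizeof buf2, "%.*s%s",
			    (int)(tmp - fn + 1), fn, buf) >= (int)sizeof buf2) {
				ckfprintf(stdout, "path too long: %s", fn);
				return 1;
			}
			/* … unchanged: rest of the else branch … */
```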
@@ -32,7 +32,7 @@
 * 2 for Unix Std (POSIX) tar file.
 */
 int
-is_tar(unsigned char *buf, int nbytes)
+is_tar(unsigned char *buf, size_t nbytes)
 {
 union record *header = (union record *)buf;
 int i;
diff -ru file-3.40-orig/readelf.c file-3.40/readelf.c
--- file-3.40-orig/readelf.c 2003-05-20 14:01:38.000000000 +0300
+++ file-3.40/readelf.c 2003-05-20 13:57:27.000000000 +0300
@@ -202,15 +202,17 @@
 strerror(errno));
 offset = 0;
 for (;;) {
- if (offset >= bufsize)
+ if (offset >= (size_t)bufsize)
 break;
+
 if (class == ELFCLASS32)
 nh32 = (Elf32_Nhdr *)&nbuf[offset];
 else
 nh64 = (Elf64_Nhdr *)&nbuf[offset];
 offset += nh_size;
- if (offset + nh_namesz >= bufsize) {
+ if (offset >= (size_t)bufsize ||
+ nh_namesz >= (size_t)bufsize - offset) {
 /*
 * We're past the end of the buffer.
 */
@@ -228,7 +230,8 @@
 break;
 }
- if (offset + nh_descsz >= bufsize)
+ if (offset >= (size_t)bufsize ||
+ nh_descsz >= (size_t)bufsize - offset)
 break;
 if (nh_namesz == 4 &&
@@ -366,9 +369,9 @@
 Elf64_Nhdr *nh64 = NULL;
 size_t offset, nameoffset, noffset, reloffset;
 unsigned char c;
- int i, j;
+ unsigned int i, j;
 char nbuf[BUFSIZ];
- int bufsize;
+ ssize_t bufsize;
 int os_style = -1;
 if (size != ph_size)
@@ -396,7 +399,7 @@
 error(": " "read failed (%s).\n", strerror(errno));
 offset = 0;
 for (;;) {
- if (offset >= bufsize)
+ if (offset >= (size_t)bufsize)
 break;
 if (class == ELFCLASS32)
 nh32 = (Elf32_Nhdr *)&nbuf[offset];
@@ -408,7 +411,8 @@
 * Check whether this note has the name "CORE" or
 * "FreeBSD", or "NetBSD-CORE".
 */
- if (offset + nh_namesz >= bufsize) {
+ if (offset >= (size_t)bufsize ||
+ nh_namesz >= (size_t)bufsize - offset) {
 /*
 * We're past the end of the buffer.
 */
@@ -497,7 +501,7 @@
 * the end of the buffer; if
 * we are, just give up.
 */
- if (noffset >= bufsize)
+ if (noffset >= (size_t)bufsize)
 goto tryanother;
 /*
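Review bot: The loop guard `if (offset >= (size_t)bufsize) break;` only proves the first byte of the note header lies inside `nbuf`; `nh32`/`nh64` are then pointed at `&nbuf[offset]` and, after `offset += nh_size`, the header's name and descriptor sizes are consulted (through `nh_namesz`/`nh_descsz`, presumably macros over those pointers) even when fewer than `nh_size` bytes of data remain, so a truncated trailing note reads stale bytes beyond what `read()` returned. Tighten the guard to `if (offset >= (size_t)bufsize || nh_size > (size_t)bufsize - offset) break;`, and apply the same change to the second loop in the `@@ -396` hunk, which has the identical shape. The added `nh_namesz >= (size_t)bufsize - offset` tests are correct but slightly conservative (a name that exactly fills the buffer is rejected); `>` would be exact, though the stricter form is acceptable for a sniffer. Both loops belong to functions that start and end outside these hunks.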
@@ -555,7 +559,7 @@
 #endif
 void
-tryelf(int fd, unsigned char *buf, int nbytes)
+tryelf(int fd, unsigned char *buf, size_t nbytes)
 {
 union {
 int32_t l;
diff -ru file-3.40-orig/softmagic.c file-3.40/softmagic.c
--- file-3.40-orig/softmagic.c 2003-02-08 20:33:53.000000000 +0200
+++ file-3.40/softmagic.c 2003-05-20 13:57:37.000000000 +0300
@@ -37,8 +37,8 @@
 FILE_RCSID("@(#)$Id: softmagic.c,v 1.52 2003/02/08 18:33:53 christos Exp $")
 #endif /* lint */
-static int match(struct magic *, uint32_t, unsigned char *, int);
-static int mget(union VALUETYPE *, unsigned char *, struct magic *, int);
+static int match(struct magic *, uint32_t, unsigned char *, size_t);
+static int mget(union VALUETYPE *, unsigned char *, struct magic *, size_t);
 static int mcheck(union VALUETYPE *, struct magic *);
 static int32_t mprint(union VALUETYPE *, struct magic *);
 static void mdebug(int32_t, char *, int);
@@ -53,7 +53,7 @@
 */
 /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */
 int
-softmagic(unsigned char *buf, int nbytes)
+softmagic(unsigned char *buf, size_t nbytes)
 {
 struct mlist *ml;
@@ -92,10 +92,10 @@
 * so that higher-level continuations are processed.
 */
 static int
-match(struct magic *magic, uint32_t nmagic, unsigned char *s, int nbytes)
+match(struct magic *magic, uint32_t nmagic, unsigned char *s, size_t nbytes)
 {
- int magindex = 0;
- int cont_level = 0;
+ uint32_t magindex = 0;
+ unsigned int cont_level = 0;
 int need_separator = 0;
 union VALUETYPE p;
 static int32_t *tmpoff = NULL;
@@ -391,7 +391,7 @@
 case PSTRING: {
 char *ptr1 = p->s, *ptr2 = ptr1 + 1;
- int n = *p->s;
+ unsigned int n = *p->s;
 if (n >= sizeof(p->s))
 n = sizeof(p->s) - 1;
 while (n--)
@@ -555,9 +555,9 @@
 }
 static int
-mget(union VALUETYPE *p, unsigned char *s, struct magic *m, int nbytes)
+mget(union VALUETYPE *p, unsigned char *s, struct magic *m, size_t nbytes)
 {
- int32_t offset = m->offset;
+ uint32_t offset = m->offset;
 if (m->type == REGEX) {
 /*
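Review bot: `unsigned int n = *p->s;` is correct only by an accident of conversion: `p->s` is a `char` array (see `char *ptr1 = p->s` on the line above), so on targets where `char` is signed a length byte of 0x80 or more becomes a negative `int`, converts to a huge `unsigned int`, and is then pulled back by the `n >= sizeof(p->s)` clamp, whereas the reader expects the raw length byte. Make the intent explicit with `unsigned int n = (unsigned char)*p->s;`, which yields the real Pascal-string length on every platform and still lets the clamp bound it to `sizeof(p->s) - 1`. The enclosing `switch` in mprint begins and ends outside the hunk.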
@@ -578,10 +578,9 @@
 * the usefulness of padding with zeroes eludes me, it
 * might even cause problems
 */
- int32_t have = nbytes - offset;
 memset(p, 0, sizeof(union VALUETYPE));
- if (have > 0)
- memcpy(p, s + offset, have);
+ if (offset < nbytes)
+ memcpy(p, s + offset, nbytes - offset);
 }
 if (debug) {
@@ -913,7 +912,8 @@
 break;
 }
- if (offset + sizeof(union VALUETYPE) > nbytes)
+ if (nbytes < sizeof(union VALUETYPE) ||
+ nbytes - sizeof(union VALUETYPE) < offset)
 return 0;
 memcpy(p, s + offset, sizeof(union VALUETYPE));
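Review bot: The replacement `if (offset < nbytes) memcpy(p, s + offset, nbytes - offset);` writes into a `union VALUETYPE` a length that is bounded only by the branch condition above the hunk (the `if` whose else-branch this "pad with zeroes" code is); if that test is still written in the additive form `offset + sizeof(union VALUETYPE) <= nbytes`, an `offset` near `UINT32_MAX` can wrap on a 32-bit `size_t` and take the unguarded full-size copy, and any later relaxation of that test would make this memcpy overflow `p`. Make the branch safe on its own by clamping locally: `size_t have = nbytes - offset; if (have > sizeof(union VALUETYPE)) have = sizeof(union VALUETYPE); memcpy(p, s + offset, have);`. Better still, write the enclosing test in the subtraction form the `@@ -913` hunk already uses (`nbytes < sizeof(union VALUETYPE) || nbytes - sizeof(union VALUETYPE) < offset`) so both sites agree. mget starts and continues outside this hunk.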