Apply by doing:
	cd /usr/src
	patch -p0 < 009_file.patch

And then rebuild and install file:
	cd usr.bin/file
	make obj
	make cleandir
	make depend
	make
	make install


Index: usr.bin/file/file.h
===================================================================
RCS file: /cvs/src/usr.bin/file/file.h,v
retrieving revision 1.16
retrieving revision 1.16.12.1
diff -u -p -r1.16 -r1.16.12.1
--- usr.bin/file/file.h	19 May 2004 02:32:35 -0000	1.16
+++ usr.bin/file/file.h	9 Jul 2007 17:32:48 -0000	1.16.12.1
@@ -1,4 +1,4 @@
-/*	$OpenBSD: file.h,v 1.16 2004/05/19 02:32:35 tedu Exp $ */
+/*	$OpenBSD: file.h,v 1.16.12.1 2007/07/09 17:32:48 ckuethe Exp $ */
 /*
  * Copyright (c) Ian F. Darwin 1986-1995.
  * Software written by Ian F. Darwin and others;
@@ -28,7 +28,7 @@
  */
 /*
  * file.h - definitions for file(1) program
- * @(#)$Id: file.h,v 1.16 2004/05/19 02:32:35 tedu Exp $
+ * @(#)$Id: file.h,v 1.16.12.1 2007/07/09 17:32:48 ckuethe Exp $
  */
 
 #ifndef __file_h__
@@ -177,7 +177,7 @@ struct magic_set {
 	/* Accumulation buffer */
 	char *buf;
 	char *ptr;
-	size_t len;
+	size_t left;
 	size_t size;
 	/* Printable buffer */
 	char *pbuf;
Index: usr.bin/file/funcs.c
===================================================================
RCS file: /cvs/src/usr.bin/file/funcs.c,v
retrieving revision 1.3
retrieving revision 1.3.8.1
diff -u -p -r1.3 -r1.3.8.1
--- usr.bin/file/funcs.c	11 Apr 2005 16:31:35 -0000	1.3
+++ usr.bin/file/funcs.c	9 Jul 2007 17:32:48 -0000	1.3.8.1
@@ -1,4 +1,4 @@
-/* $OpenBSD: funcs.c,v 1.3 2005/04/11 16:31:35 deraadt Exp $ */
+/* $OpenBSD: funcs.c,v 1.3.8.1 2007/07/09 17:32:48 ckuethe Exp $ */
 /*
  * Copyright (c) Christos Zoulas 2003.
  * All Rights Reserved.
@@ -29,13 +29,15 @@
  */
 #include "file.h"
 #include "magic.h"
+#include <limits.h>
 #include <stdarg.h>
+#include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
 
 #ifndef	lint
-FILE_RCSID("@(#)$Id: funcs.c,v 1.3 2005/04/11 16:31:35 deraadt Exp $")
+FILE_RCSID("@(#)$Id: funcs.c,v 1.3.8.1 2007/07/09 17:32:48 ckuethe Exp $")
 #endif	/* lint */
 /*
  * Like printf, only we print to a buffer and advance it.
@@ -44,28 +46,39 @@ protected int
 file_printf(struct magic_set *ms, const char *fmt, ...)
 {
 	va_list ap;
-	size_t len;
+	int len;
+	size_t size;
 	char *buf;
+	ptrdiff_t diff;
 
 	va_start(ap, fmt);
 
-	len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
-	if (len == -1 || len >= ms->o.len) {
+	len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
+	if (len == -1) {
+		file_error(ms, errno, "vsnprintf failed");
+		return -1;
+	} else if (len >= ms->o.left) {
 		va_end(ap);
-		if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
+		size = (ms->o.size - ms->o.left) + len + 1024;
+		if ((buf = realloc(ms->o.buf, size)) == NULL) {
 			file_oomem(ms);
 			return -1;
 		}
-		ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
+		diff = ms->o.ptr - ms->o.buf;
+		ms->o.ptr = buf + diff;
 		ms->o.buf = buf;
-		ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
-		ms->o.size = len + 1024;
+		ms->o.left = size - diff;
+		ms->o.size = size;
 
 		va_start(ap, fmt);
-		len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
+		len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
+		if (len == -1) {
+			file_error(ms, errno, "vsnprintf failed");
+			return -1;
+		}
 	}
 	ms->o.ptr += len;
-	ms->o.len -= len;
+	ms->o.left -= len;
 	va_end(ap);
 	return 0;
 }
@@ -152,8 +165,8 @@ file_reset(struct magic_set *ms)
 protected const char *
 file_getbuffer(struct magic_set *ms)
 {
-	char *nbuf, *op, *np;
-	size_t nsize;
+	char *pbuf, *op, *np;
+	size_t psize, len;
 
 	if (ms->haderr)
 		return NULL;
@@ -161,14 +174,20 @@ file_getbuffer(struct magic_set *ms)
 	if (ms->flags & MAGIC_RAW)
 		return ms->o.buf;
 
-	nsize = ms->o.len * 4 + 1;
-	if (ms->o.psize < nsize) {
-		if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
+	len = ms->o.size - ms->o.left;
+	if (len > (SIZE_T_MAX - 1) / 4) {
+		file_oomem(ms);
+		return NULL;
+	}
+	/* * 4 is for octal representation, + 1 is for NUL */
+	psize = len * 4 + 1;
+	if (ms->o.psize < psize) {
+		if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
 			file_oomem(ms);
 			return NULL;
 		}
-		ms->o.psize = nsize;
-		ms->o.pbuf = nbuf;
+		ms->o.psize = psize;
+		ms->o.pbuf = pbuf;
 	}
 
 	for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
Index: usr.bin/file/magic.c
===================================================================
RCS file: /cvs/src/usr.bin/file/magic.c,v
retrieving revision 1.2
retrieving revision 1.2.12.1
diff -u -p -r1.2 -r1.2.12.1
--- usr.bin/file/magic.c	19 May 2004 02:36:26 -0000	1.2
+++ usr.bin/file/magic.c	9 Jul 2007 17:32:48 -0000	1.2.12.1
@@ -1,4 +1,4 @@
-/* $OpenBSD: magic.c,v 1.2 2004/05/19 02:36:26 tedu Exp $ */
+/* $OpenBSD: magic.c,v 1.2.12.1 2007/07/09 17:32:48 ckuethe Exp $ */
 /*
  * Copyright (c) Christos Zoulas 2003.
  * All Rights Reserved.
@@ -66,7 +66,7 @@
 #include "patchlevel.h"
 
 #ifndef	lint
-FILE_RCSID("@(#)$Id: magic.c,v 1.2 2004/05/19 02:36:26 tedu Exp $")
+FILE_RCSID("@(#)$Id: magic.c,v 1.2.12.1 2007/07/09 17:32:48 ckuethe Exp $")
 #endif	/* lint */
 
 #ifdef __EMX__
@@ -93,8 +93,7 @@ magic_open(int flags)
 		return NULL;
 	}
 
-	ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
-	ms->o.len = 0;
+	ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
 	if (ms->o.buf == NULL) {
 		free(ms);
 		return NULL;