As mentioned in a comment on line 198 of 'tee.c', 'tee' overwrites
'argv[argc]'. This is very bad style at best, and probably undefined
behavior on at least some platforms. The attached patch replaces the
current hack with another hack that is still bad style, but probably
safer than the current hack.
--
Rainer Deyke ([email protected])
--- tee.c 2015-06-26 19:04:19.000000000 +0200
+++ tee-fix.c 2015-10-03 11:35:37.190245786 +0200
@@ -194,10 +194,12 @@
descriptors = xnmalloc (nfiles + 1, sizeof *descriptors);
- /* Move all the names 'up' one in the argv array to make room for
- the entry for standard output. This writes into argv[argc]. */
- for (i = nfiles; i >= 1; i--)
- files[i] = files[i - 1];
+ /* Effectively move all the names 'up' one in the argv array to
+ make room for the entry for standard output. This will cause
+ the element of argv immediately before the list of file
+ (either an options argument or argv[0]) to be overwritten
+ later. */
+ files--;
if (O_BINARY && ! isatty (STDIN_FILENO))
xfreopen (NULL, "rb", stdin);
