memmove moves a number of bytes, not pointers, so if you passed a number
of arguments that is larger than the pointer byte size, you could
end up crashing or skipping the install of a file and installing another
twice.

Also, argv was never decreased to match the moved arguments, so the -t
parameter was added in the NULL argv slot.
---
 xinstall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xinstall.c b/xinstall.c
index bf921fb..869237a 100644
--- a/xinstall.c
+++ b/xinstall.c
@@ -222,7 +222,7 @@ main(int argc, char *argv[])
        }
 
        if (tflag) {
-               memmove(argv - 1, argv, argc);
+               argv = memmove(argv - 1, argv, argc * sizeof(*argv));
                argv[argc++] = tflag;
        }
        if (tflag || argc > 2) {
-- 
2.10.2


Reply via email to