[hackers] [sbase] [PATCH] xinstall: Fix broken memmove with -t

From: Michael Forney <mforney_AT_mforney.org>
Date: Thu, 1 Dec 2016 22:50:20 -0800

memmove moves a number of bytes, not pointers, so if you passed a number
of arguments that is larger than the pointer byte size, you could
end up crashing or skipping the install of a file and installing another
twice.

Also, argv was never decreased to match the moved arguments, so the -t
parameter was added in the NULL argv slot.
---
 xinstall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/xinstall.c b/xinstall.c
index bf921fb..869237a 100644
--- a/xinstall.c
+++ b/xinstall.c
_AT_@ -222,7 +222,7 @@ main(int argc, char *argv[])
 	}
 
 	if (tflag) {
-		memmove(argv - 1, argv, argc);
+		argv = memmove(argv - 1, argv, argc * sizeof(*argv));
 		argv[argc++] = tflag;
 	}
 	if (tflag || argc > 2) {
-- 
2.10.2
Received on Fri Dec 02 2016 - 07:50:20 CET

This archive was generated by hypermail 2.3.0 : Fri Dec 02 2016 - 08:00:19 CET