Page History

Command-line arguments are passed to {{main()}} as pointers to null-terminated byte strings in the array members {{argv\[0\]}} through {{argv\[argc-1\]}}.  If the value of {{argc}} is greater than zero, the string pointed to by {{argv\[0\]}} representsis, by convention, the program name. If the value of {{argc}} is greater than one, the strings pointedreferenced to by {{argv\[1\]}} through {{argv\[argc-1\]}} representare the actual program parametersarguments. 

The parameters {{argc}} and {{argv}} and the strings pointed to by the {{argv}} array are not modifiable by the program and retain their last-stored values between program startup and program termination.  This requires that a copy of these parameters be made before the strings can be modified.  Vulnerabilities can occur when inadequate space is allocated to copy a command-line argument.  In this non-compliant code example, the contents of {{argv\[0\]}} can be manipulated by an attacker to cause a buffer overflow: