diff options
| author | Brad King <brad.king@kitware.com> | 2020-03-18 13:51:46 (GMT) |
|---|---|---|
| committer | Brad King <brad.king@kitware.com> | 2020-03-19 10:41:39 (GMT) |
| commit | 8affe9aa336b873e9c8e40ec5911ffe23c2ef03a (patch) | |
| tree | 0d2b79f86c604c23d3ceff99a69a93fcb9b6c38a /Source/cmMakefile.cxx | |
| parent | 1ec72e09471287630cf142d8587a9b8d9abad629 (diff) | |
| download | CMake-8affe9aa336b873e9c8e40ec5911ffe23c2ef03a.zip CMake-8affe9aa336b873e9c8e40ec5911ffe23c2ef03a.tar.gz CMake-8affe9aa336b873e9c8e40ec5911ffe23c2ef03a.tar.bz2 | |
export: Fix use-after-free on multiple calls overwriting same FILE
CMake 3.16 and below allow multiple `export()` calls with the same output
file even without using `APPEND`. The implementation worked by accident
by leaking memory. Refactoring in commit 5444a8095d (cmGlobalGenerator:
modernize memrory managemenbt, 2019-12-29, v3.17.0-rc1~239^2) cleaned up
that memory leak and converted it to a use-after-free instead.
The problem is caused by using the `cmGlobalGenerator::BuildExportSets`
map to own `cmExportBuildFileGenerator` instances. It can own only
one instance per output FILE name at a time, so repeating use of the
same file now frees the old `cmExportBuildFileGenerator` instance
and leaves the pointer in the `cmMakefile::ExportBuildFileGenerators`
vector dangling. Move ownership of the instances into `cmMakefile`'s
vector since its entries are not replaced on a repeat output FILE.
In future work we should introduce a policy to error out on this case.
For now simply fix the use-after-free to restore CMake <= 3.16 behavior.
Fixes: #20469
Diffstat (limited to 'Source/cmMakefile.cxx')
| -rw-r--r-- | Source/cmMakefile.cxx | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/Source/cmMakefile.cxx b/Source/cmMakefile.cxx index b2e59bd..18689fa 100644 --- a/Source/cmMakefile.cxx +++ b/Source/cmMakefile.cxx @@ -32,6 +32,7 @@ #include "cmCustomCommandLines.h" #include "cmExecutionStatus.h" #include "cmExpandedCommandArgument.h" // IWYU pragma: keep +#include "cmExportBuildFileGenerator.h" #include "cmFileLockPool.h" #include "cmFunctionBlocker.h" #include "cmGeneratedFileStream.h" @@ -780,7 +781,7 @@ cmMakefile::GetEvaluationFiles() const return this->EvaluationFiles; } -std::vector<cmExportBuildFileGenerator*> +std::vector<std::unique_ptr<cmExportBuildFileGenerator>> const& cmMakefile::GetExportBuildFileGenerators() const { return this->ExportBuildFileGenerators; @@ -789,16 +790,21 @@ cmMakefile::GetExportBuildFileGenerators() const void cmMakefile::RemoveExportBuildFileGeneratorCMP0024( cmExportBuildFileGenerator* gen) { - auto it = std::find(this->ExportBuildFileGenerators.begin(), - this->ExportBuildFileGenerators.end(), gen); + auto it = + std::find_if(this->ExportBuildFileGenerators.begin(), + this->ExportBuildFileGenerators.end(), + [gen](std::unique_ptr<cmExportBuildFileGenerator> const& p) { + return p.get() == gen; + }); if (it != this->ExportBuildFileGenerators.end()) { this->ExportBuildFileGenerators.erase(it); } } -void cmMakefile::AddExportBuildFileGenerator(cmExportBuildFileGenerator* gen) +void cmMakefile::AddExportBuildFileGenerator( + std::unique_ptr<cmExportBuildFileGenerator> gen) { - this->ExportBuildFileGenerators.push_back(gen); + this->ExportBuildFileGenerators.emplace_back(std::move(gen)); } namespace { |