authorBrad King <brad.king@kitware.com>2014-06-12 13:46:54 (GMT)
committerBrad King <brad.king@kitware.com>2014-06-12 15:24:17 (GMT)
commit23ffb72ab3c37652b8d6f1201a5f313cb0d4f8a6 (patch)
tree076296d2ede96b47f970d4dfb37f1747ce0f21cb /Source
parentb041fc13db5b3146cd45d8b81b17535ac8747688 (diff)
cmake: Fix read-after-free while checking command-line arguments
Since commit v2.8.12~300^2~1 (CLI: Suppress the unused warning if the key value pair is cached, 2013-05-16), cmake::SetCacheArgs saves a cachedValue pointer and may cause the memory to be freed (by setting the cache entry) before reading it again. Fix this by saving the old value in a separate string.
Diffstat (limited to 'Source')
-rw-r--r--Source/cmake.cxx18
1 files changed, 13 insertions, 5 deletions
diff --git a/Source/cmake.cxx b/Source/cmake.cxx
index e3bebbd..86d3766 100644
--- a/Source/cmake.cxx
+++ b/Source/cmake.cxx
@@ -343,16 +343,24 @@ bool cmake::SetCacheArgs(const std::vector<std::string>& args)
// The value is transformed if it is a filepath for example, so
// we can't compare whether the value is already in the cache until
// after we call AddCacheEntry.
- const char *cachedValue =
- this->CacheManager->GetCacheValue(var);
+ bool haveValue = false;
+ std::string cachedValue;
+ if(this->WarnUnusedCli)
+ {
+ if(const char *v = this->CacheManager->GetCacheValue(var))
+ {
+ haveValue = true;
+ cachedValue = v;
+ }
+ }
this->CacheManager->AddCacheEntry(var, value.c_str(),
"No help, variable specified on the command line.", type);
+
if(this->WarnUnusedCli)
{
- if (!cachedValue
- || strcmp(this->CacheManager->GetCacheValue(var),
- cachedValue) != 0)
+ if (!haveValue ||
+ cachedValue != this->CacheManager->GetCacheValue(var))
{
this->WatchUnusedCli(var);
}