From 23ffb72ab3c37652b8d6f1201a5f313cb0d4f8a6 Mon Sep 17 00:00:00 2001 From: Brad King Date: Thu, 12 Jun 2014 09:46:54 -0400 Subject: cmake: Fix read-after-free while checking command-line arguments Since commit v2.8.12~300^2~1 (CLI: Suppress the unused warning if the key value pair is cached, 2013-05-16), cmake::SetCacheArgs saves a cachedValue pointer and may cause the memory to be freed (by setting the cache entry) before reading it again. Fix this by saving the old value in a separate string. --- Source/cmake.cxx | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/Source/cmake.cxx b/Source/cmake.cxx index e3bebbd..86d3766 100644 --- a/Source/cmake.cxx +++ b/Source/cmake.cxx @@ -343,16 +343,24 @@ bool cmake::SetCacheArgs(const std::vector& args) // The value is transformed if it is a filepath for example, so // we can't compare whether the value is already in the cache until // after we call AddCacheEntry. - const char *cachedValue = - this->CacheManager->GetCacheValue(var); + bool haveValue = false; + std::string cachedValue; + if(this->WarnUnusedCli) + { + if(const char *v = this->CacheManager->GetCacheValue(var)) + { + haveValue = true; + cachedValue = v; + } + } this->CacheManager->AddCacheEntry(var, value.c_str(), "No help, variable specified on the command line.", type); + if(this->WarnUnusedCli) { - if (!cachedValue - || strcmp(this->CacheManager->GetCacheValue(var), - cachedValue) != 0) + if (!haveValue || + cachedValue != this->CacheManager->GetCacheValue(var)) { this->WatchUnusedCli(var); } -- cgit v0.12