From d01120a47a53fbe4bab1b1c313036f956dbf77d9 Mon Sep 17 00:00:00 2001 From: Ben Boeckel Date: Tue, 28 Nov 2023 21:10:38 -0500 Subject: cmGlobalGenerator: clear RuntimeDependencySet members at configure MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Commit f2617cf8e6 (Source: Add cmInstallRuntimeDependencySet, 2021-05-19) introduced via !6186 to 3.21 added storage to the global generator for runtime dependency sets. However, this was not cleared at the start of configure in the `ClearGeneratorMembers()` method. When using `ccmake` to configure (and, presumably `cmake-gui` too), projects using `install(TARGETS … RUNTIME_DEPENDENCY_SET)` would use dependency set tracking instances from previous configure runs that held references to targets free'd with the `cmMakefile` instance that held them. Clear the dependency sets at the beginning of configure so that they are not remembered and trigger via use-after-free bugs when used. Fixes: #25446 --- Source/cmGlobalGenerator.cxx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Source/cmGlobalGenerator.cxx b/Source/cmGlobalGenerator.cxx index bec389f..c2b972d 100644 --- a/Source/cmGlobalGenerator.cxx +++ b/Source/cmGlobalGenerator.cxx @@ -1999,6 +1999,8 @@ void cmGlobalGenerator::ClearGeneratorMembers() this->DirectoryContentMap.clear(); this->BinaryDirectories.clear(); this->GeneratedFiles.clear(); + this->RuntimeDependencySets.clear(); + this->RuntimeDependencySetsByName.clear(); } void cmGlobalGenerator::ComputeTargetObjectDirectory( -- cgit v0.12