cmake: Fix read-after-free while checking command-line arguments

Since commit v2.8.12~300^2~1 (CLI: Suppress the unused warning if the key value pair is cached, 2013-05-16), cmake::SetCacheArgs saves a cachedValue pointer and may cause the memory to be freed (by setting the cache entry) before reading it again. Fix this by saving the old value in a separate string.
2014-06-12 09:46:54 -04:00 · 2014-06-12 09:46:54 -04:00 · 23ffb72ab3
parent b041fc13db
commit 23ffb72ab3
1 changed files with 13 additions and 5 deletions
--- a/Source/cmake.cxx
+++ b/Source/cmake.cxx
@ -343,16 +343,24 @@ bool cmake::SetCacheArgs(const std::vector<std::string>& args)
        // The value is transformed if it is a filepath for example, so
        // we can't compare whether the value is already in the cache until
        // after we call AddCacheEntry.
-        const char *cachedValue =
-                              this->CacheManager->GetCacheValue(var);
+        bool haveValue = false;
+        std::string cachedValue;
+        if(this->WarnUnusedCli)
+          {
+          if(const char *v = this->CacheManager->GetCacheValue(var))
+            {
+            haveValue = true;
+            cachedValue = v;
+            }
+          }

        this->CacheManager->AddCacheEntry(var, value.c_str(),
          "No help, variable specified on the command line.", type);
+
        if(this->WarnUnusedCli)
          {
-          if (!cachedValue
-              || strcmp(this->CacheManager->GetCacheValue(var),
-                        cachedValue) != 0)
+          if (!haveValue ||
+              cachedValue != this->CacheManager->GetCacheValue(var))
            {
            this->WatchUnusedCli(var);
            }