From fe44f057f200619702e42e472b3e18612eaa359f Mon Sep 17 00:00:00 2001
From: Brad King <brad.king@kitware.com>
Date: Thu, 12 Jun 2014 09:46:54 -0400
Subject: [PATCH] cmake: Fix read-after-free while checking command-line
 arguments

Since commit v2.8.12~300^2~1 (CLI: Suppress the unused warning if the
key value pair is cached, 2013-05-16), cmake::SetCacheArgs saves a
cachedValue pointer and may cause the memory to be freed (by setting the
cache entry) before reading it again.  Fix this by saving the old value
in a separate string.
---
 Source/cmake.cxx | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/Source/cmake.cxx b/Source/cmake.cxx
index 7cbc1dab4..fafcca8d2 100644
--- a/Source/cmake.cxx
+++ b/Source/cmake.cxx
@@ -339,16 +339,24 @@ bool cmake::SetCacheArgs(const std::vector<std::string>& args)
         // The value is transformed if it is a filepath for example, so
         // we can't compare whether the value is already in the cache until
         // after we call AddCacheEntry.
-        const char *cachedValue =
-                              this->CacheManager->GetCacheValue(var.c_str());
+        bool haveValue = false;
+        std::string cachedValue;
+        if(this->WarnUnusedCli)
+          {
+          if(const char *v = this->CacheManager->GetCacheValue(var.c_str()))
+            {
+            haveValue = true;
+            cachedValue = v;
+            }
+          }
 
         this->CacheManager->AddCacheEntry(var.c_str(), value.c_str(),
           "No help, variable specified on the command line.", type);
+
         if(this->WarnUnusedCli)
           {
-          if (!cachedValue
-              || strcmp(this->CacheManager->GetCacheValue(var.c_str()),
-                        cachedValue) != 0)
+          if (!haveValue ||
+              cachedValue != this->CacheManager->GetCacheValue(var.c_str()))
             {
             this->WatchUnusedCli(var.c_str());
             }