mirror/CMake
1
0
Fork 0
mirror of https://github.com/Kitware/CMake.git synced 2026-04-24 07:08:38 -05:00
Code Issues Packages Projects Releases Wiki Activity

export: Fix use-after-free on multiple calls overwriting same FILE

Browse Source 
CMake 3.16 and below allow multiple `export()` calls with the same output
file even without using `APPEND`.  The implementation worked by accident
by leaking memory.  Refactoring in commit 5444a8095d (cmGlobalGenerator:
modernize memrory managemenbt, 2019-12-29, v3.17.0-rc1~239^2) cleaned up
that memory leak and converted it to a use-after-free instead.

The problem is caused by using the `cmGlobalGenerator::BuildExportSets`
map to own `cmExportBuildFileGenerator` instances.  It can own only
one instance per output FILE name at a time, so repeating use of the
same file now frees the old `cmExportBuildFileGenerator` instance
and leaves the pointer in the `cmMakefile::ExportBuildFileGenerators`
vector dangling.  Move ownership of the instances into `cmMakefile`'s
vector since its entries are not replaced on a repeat output FILE.

In future work we should introduce a policy to error out on this case.
For now simply fix the use-after-free to restore CMake <= 3.16 behavior.

Fixes: #20469
This commit is contained in:
Brad King
2020-03-18 09:51:46 -04:00
parent 1ec72e0947
commit 8affe9aa33
8 changed files with 41 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Source/cmGlobalGenerator.h
+4 -6
View File
@@ -463,13 +463,12 @@ public:
void ProcessEvaluationFiles();
std::map<std::string, std::unique_ptr<cmExportBuildFileGenerator>>&
GetBuildExportSets()
std::map<std::string, cmExportBuildFileGenerator*>& GetBuildExportSets()
{
return this->BuildExportSets;
}
void AddBuildExportSet(std::unique_ptr<cmExportBuildFileGenerator>);
void AddBuildExportExportSet(std::unique_ptr<cmExportBuildFileGenerator>);
void AddBuildExportSet(cmExportBuildFileGenerator* gen);
void AddBuildExportExportSet(cmExportBuildFileGenerator* gen);
bool IsExportedTargetsFile(const std::string& filename) const;
bool GenerateImportFile(const std::string& file);
cmExportBuildFileGenerator* GetExportedTargetsFile(
@@ -580,8 +579,7 @@ protected:
std::set<std::string> InstallComponents;
// Sets of named target exports
cmExportSetMap ExportSets;
std::map<std::string, std::unique_ptr<cmExportBuildFileGenerator>>
BuildExportSets;
std::map<std::string, cmExportBuildFileGenerator*> BuildExportSets;
std::map<std::string, cmExportBuildFileGenerator*> BuildExportExportSets;
std::map<std::string, std::string> AliasTargets;