export: Fix use-after-free on multiple calls overwriting same FILE (!4494) · Merge requests · CMake / CMake

Brad King requested to merge brad.king/cmake:export-twice into master Mar 18, 2020

CMake 3.16 and below allow multiple export() calls with the same output file even without using APPEND. The implementation worked by accident by leaking memory. Refactoring in !4166 (merged) cleaned up that memory leak and converted it to a use-after-free instead.

The problem is caused by using the cmGlobalGenerator::BuildExportSets map to own cmExportBuildFileGenerator instances. It can own only one instance per output FILE name at a time, so repeating use of the same file now frees the old cmExportBuildFileGenerator instance and leaves the pointer in the cmMakefile::ExportBuildFileGenerators vector dangling. Move ownership of the instances into cmMakefile's vector since its entries are not replaced on a repeat output FILE.

In future work we should introduce a policy to error out on this case. For now simply fix the use-after-free to restore CMake <= 3.16 behavior.

Fixes: #20469 (closed)
Backport: release
Topic-rename: export-repeat

Edited Mar 19, 2020 by Brad King

export: Fix use-after-free on multiple calls overwriting same FILE

Merge request reports