Use-after-free in cmGlobalUnixMakefileGenerator3.cxx in cmake-server mode
When configuring or computing/generating build information, ProgressMap in cmGlobalUnixMakefileGenerator3 stores pointers to cmGeneratorTarget instances. With the new CMake server mode, a user is able to cause configuration/generation to happen more than once on a single cmGlobalUnixMakefileGenerator3 instance. All the cmGeneratorTarget instances from the previous configure process are destroyed once configuration starts again, but the pointers in ProgressMap live on. Any attempt to access elements inside ProgressMap will cause the old cmGeneratorTarget pointers to be reused. As such, requesting a configure/generate a second time when using cmake -E server will cause undefined behavior, which usually manifests as CMake crashing.
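
The lifetime problem described above, reduced to a small model (an added example, not CMake's code): a long-lived generator keeps a map keyed by raw pointers to targets that are destroyed on every configure. The names Target, Generator, Progress and EntriesAfterReconfigure are hypothetical, and clearing the map at the start of configure is one assumed mitigation, not necessarily the fix the project adopted.

```cpp
// Simplified model of the stale-pointer map; all names are hypothetical.
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Target { std::string name; };  // stand-in for cmGeneratorTarget

class Generator {  // stand-in for the long-lived generator instance
public:
  explicit Generator(bool clearOnConfigure) : ClearOnConfigure(clearOnConfigure) {}

  // Each configure destroys the previous targets and builds new ones.
  void Configure(const std::vector<std::string>& names) {
    if (ClearOnConfigure) Progress.clear();  // hardened: drop keys first
    Targets.clear();  // previous Target objects are destroyed here
    for (const auto& n : names)
      Targets.push_back(std::make_unique<Target>(Target{n}));
  }

  // Generate records per-target progress keyed by a non-owning raw pointer.
  void Generate() {
    std::size_t step = 0;
    for (const auto& t : Targets) Progress.emplace(t.get(), ++step);
  }

  // Runs configure/generate, then a second configure on the same instance.
  // Generate() has not run again, so every entry still in the map at that
  // point is keyed by a pointer to a destroyed Target. Only the count is
  // read; the stale keys are never dereferenced.
  std::size_t EntriesAfterReconfigure(const std::vector<std::string>& names) {
    Configure(names);
    Generate();
    Configure(names);
    return Progress.size();
  }

private:
  bool ClearOnConfigure;
  std::vector<std::unique_ptr<Target>> Targets;
  std::map<const Target*, std::size_t> Progress;
};

int main() {
  Generator vulnerable(false), hardened(true);
  const std::vector<std::string> names{"app", "lib"};  // constructed sample
  bool ok = vulnerable.EntriesAfterReconfigure(names) == 2 &&
            hardened.EntriesAfterReconfigure(names) == 0;
  return ok ? 0 : 1;
}
```

Building the unhardened variant with AddressSanitizer and adding a read through one of the retained keys would report the heap-use-after-free directly, which is a quicker signal than waiting for a crash.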