From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
From: Tyler Yankee <tyler.yankee@kitware.com>
Date: Wed, 13 Aug 2025 15:22:28 -0400
Subject: [PATCH] foreach: Explicitly skip replay without iterations

As written, foreach loops with a trailing `IN` (i.e., no loop
variable(s) given) lead to an assertion error. Handle this case by
exiting early when we know the loop won't execute anything.

Fixes: #27135

CVE: CVE-2025-9301

Upstream-Status: Backport
https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8

Signed-off-by: Tyler Yankee <tyler.yankee@kitware.com>
Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
---
 Source/cmForEachCommand.cxx                  | 3 +++
 Tests/RunCMake/foreach/RunCMakeTest.cmake    | 1 +
 Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
 Tests/RunCMake/foreach/TrailingIn.cmake      | 5 +++++
 4 files changed, 10 insertions(+)
 create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
 create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake

diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
index 21a140d0..23f953a5 100644
--- a/Source/cmForEachCommand.cxx
+++ b/Source/cmForEachCommand.cxx
@@ -101,6 +101,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
 bool cmForEachFunctionBlocker::Replay(
   std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
 {
+  if (this->Args.size() == this->IterationVarsCount) {
+    return true;
+  }
   return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
                         : this->ReplayItems(functions, inStatus);
 }
diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
index 15ca4770..acfc742e 100644
--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
+++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
 run_cmake(foreach-RANGE-out-of-range-test)
 run_cmake(foreach-var-scope-CMP0124-OLD)
 run_cmake(foreach-var-scope-CMP0124-NEW)
+run_cmake(TrailingIn)
diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
new file mode 100644
index 00000000..573541ac
--- /dev/null
+++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
@@ -0,0 +1 @@
+0
diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
new file mode 100644
index 00000000..e2b5b2f2
--- /dev/null
+++ b/Tests/RunCMake/foreach/TrailingIn.cmake
@@ -0,0 +1,5 @@
+foreach(v IN)
+endforeach()
+
+foreach(v1 v2 IN)
+endforeach()
-- 
2.44.3