From 660dd121c71b0e7b77a23fe3699eafa266769440 Mon Sep 17 00:00:00 2001
From: Marius Kintel <marius@kintel.net>
Date: Sat, 24 Aug 2024 23:11:58 -0400
Subject: [PATCH] Fix freed memory access issue: A vector may be resized during
 use, which would invalidate all pointers into it (#5270)

---
 src/glview/cgal/CGAL_OGL_VBO_helper.h | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/src/glview/cgal/CGAL_OGL_VBO_helper.h b/src/glview/cgal/CGAL_OGL_VBO_helper.h
index 6d0689d36e..2ff54d5436 100644
--- a/src/glview/cgal/CGAL_OGL_VBO_helper.h
+++ b/src/glview/cgal/CGAL_OGL_VBO_helper.h
@@ -153,12 +153,10 @@ class VBOPolyhedron : public virtual Polyhedron
   }
 
   static inline void CGAL_GLU_TESS_CALLBACK combineCallback(GLdouble coords[3], GLvoid *[4], GLfloat [4], GLvoid **dataOut) {
-    static std::vector<GLdouble> vertexCache;
+    static std::vector<std::unique_ptr<Vector3d>> vertexCache;
     if (dataOut) {
-      vertexCache.push_back(coords[0]);
-      vertexCache.push_back(coords[1]);
-      vertexCache.push_back(coords[2]);
-      *dataOut = &(vertexCache.back()) - 2;
+      vertexCache.push_back(std::make_unique<Vector3d>(coords));
+      *dataOut = vertexCache.back().get();
     } else {
       vertexCache.clear();
     }