From 776603bedcc96b7d7c9006043e3902dce365a0f4 Mon Sep 17 00:00:00 2001
From: Thomas Arcila <134677+tarcila@users.noreply.github.com>
Date: Wed, 10 Jun 2026 13:26:41 +0000
Subject: [PATCH] fix(tsd-ui): copy color ID before self-referential push_back

ImVector::push_back(m_colorIDs.back()) passed a reference into the same
buffer push_back reallocates; reserve() freed it before the copy, a
use-after-free flagged by valgrind. Copy to a local first.
---
 tsd/src/tsd/ui/imgui/windows/Log.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tsd/src/tsd/ui/imgui/windows/Log.cpp b/tsd/src/tsd/ui/imgui/windows/Log.cpp
index 2e5dbded6..2201aa97c 100644
--- a/tsd/src/tsd/ui/imgui/windows/Log.cpp
+++ b/tsd/src/tsd/ui/imgui/windows/Log.cpp
@@ -107,8 +107,10 @@ void Log::addText(tsd::core::LogLevel level, const std::string &msg)
   for (int new_size = m_buf.size(); old_size < new_size; old_size++) {
     if (m_buf[old_size] == '\n') {
       m_lineOffsets.push_back(old_size + 1);
-      if (old_size + 1 < new_size)
-        m_colorIDs.push_back(m_colorIDs.back());
+      if (old_size + 1 < new_size) {
+        const int lastColorID = m_colorIDs.back();
+        m_colorIDs.push_back(lastColorID);
+      }
     }
   }
 }