From cf145de21e06489171caedead35830875e4b1fc8 Mon Sep 17 00:00:00 2001
From: Lukas Tenbrink <lukas.tenbrink@gmail.com>
Date: Fri, 10 Jan 2025 12:20:13 +0100
Subject: [PATCH] Revert regression (GH-31736) of memory unsafe append_array
 (append vector to itself). Add comments to prevent future regressions.

---
 core/templates/local_vector.h | 1 +
 core/templates/vector.h       | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/core/templates/local_vector.h b/core/templates/local_vector.h
index d20fe49eba6f..b89799abcfc8 100644
--- a/core/templates/local_vector.h
+++ b/core/templates/local_vector.h
@@ -57,6 +57,7 @@ class LocalVector {
 		return data;
 	}
 
+	// Must take a copy instead of a reference (see GH-31736).
 	_FORCE_INLINE_ void push_back(T p_elem) {
 		if (unlikely(count == capacity)) {
 			capacity = tight ? (capacity + 1) : MAX((U)1, capacity << 1);
diff --git a/core/templates/vector.h b/core/templates/vector.h
index 02f0783aefe7..3cede4300dc5 100644
--- a/core/templates/vector.h
+++ b/core/templates/vector.h
@@ -71,6 +71,7 @@ class Vector {
 	CowData<T> _cowdata;
 
 public:
+	// Must take a copy instead of a reference (see GH-31736).
 	bool push_back(T p_elem);
 	_FORCE_INLINE_ bool append(const T &p_elem) { return push_back(p_elem); } //alias
 	void fill(T p_elem);
@@ -99,12 +100,14 @@ class Vector {
 	Error resize(Size p_size) { return _cowdata.resize(p_size); }
 	Error resize_zeroed(Size p_size) { return _cowdata.template resize<true>(p_size); }
 	_FORCE_INLINE_ const T &operator[](Size p_index) const { return _cowdata.get(p_index); }
+	// Must take a copy instead of a reference (see GH-31736).
 	Error insert(Size p_pos, T p_val) { return _cowdata.insert(p_pos, p_val); }
 	Size find(const T &p_val, Size p_from = 0) const { return _cowdata.find(p_val, p_from); }
 	Size rfind(const T &p_val, Size p_from = -1) const { return _cowdata.rfind(p_val, p_from); }
 	Size count(const T &p_val) const { return _cowdata.count(p_val); }
 
-	void append_array(const Vector<T> &p_other);
+	// Must take a copy instead of a reference (see GH-31736).
+	void append_array(Vector<T> p_other);
 
 	_FORCE_INLINE_ bool has(const T &p_val) const { return find(p_val) != -1; }
 
@@ -301,7 +304,7 @@ void Vector<T>::reverse() {
 }
 
 template <typename T>
-void Vector<T>::append_array(const Vector<T> &p_other) {
+void Vector<T>::append_array(Vector<T> p_other) {
 	const Size ds = p_other.size();
 	if (ds == 0) {
 		return;