Finaliser on weak pointers allows access to invalid address #5233
Original bug ID: 5233
In bytecode, if a weak pointer and the value it points to are garbage collected at the same time, a finaliser which dereferences the weak pointer can access invalid memory.
For example, the following code produces a segmentation fault:
let target = ref [2;3]
let t = ref (Weak.create 1)
let () = Weak.set !t 0 (Some !target);
(** Force to grow the heap *)
let () =
Comment author: @damiendoligez
As far as I can tell, the "Value not garbage collected" message is consistent with the semantics of weak pointers.
I have added a better test case in testsuite/tests/regression/pr5233
Fixed in 4.00 (commit 12625) and trunk (commit 12627).