Hey
I think I hit a bug in AS 2.13.0 (or I've registered something wrong). In my real case it's more complex, but I managed to reproduce it like this:
1. Register a very simple class
engine->RegisterObjectType( "Test", sizeof(float), asOBJ_VALUE | asOBJ_POD | asOBJ_APP_CLASS_C );
(For testing I just pretend a float is a custom class.)
2. Register an operator for it:
engine->RegisterGlobalBehaviour( asBEHAVE_ADD, "Test f(Test &in, Test &in)", asFUNCTION(add), asCALL_CDECL);
("add" is just implemented as a simple add operator for floats)
3. Register a function with 2+ arguments of our type:
engine->RegisterGlobalFunction("void doStuff(Test, Test)", asFUNCTION(doStuff), asCALL_CDECL);
(This function can do whatever, it'll never enter it anyway. :)
4. Make a simple script function that declares two variables of our class, and runs "doStuff" on it:
Test test1, test2;
doStuff( test1, test1 + test2 ); // This one will work
doStuff( test1 + test2, test1 ); // This one will blow
The second one crashes in as_callfunc_x86.cpp:298
memcpy(&paramBuffer[dpos], *(void**)(args+spos), descr->parameterTypes[n].GetSizeInMemoryBytes());
This is where it makes a copy of the argument, but the second argument (the "test1") has already been freed (I've traced it and it's freed, I think somewhere between the argument evaluation and the actual function call, but I'm not totally sure.)
I don't know why this is happening and I'm not familiar enough with the compiler to figure it out, but the repro case is fairly easy.
Shout if you need any more details. :)