I know this is REALLY late, but I just got it recreated in a test program. Attaching the test problem to this post.

Some stuff that might be of interest:

virtual void AddRef()=0;
virtual void Release()=0;

Commenting out these make it all work!


class cMyType : public cExtraBase, public cBaseType
{

Swapping position of cExtraBase and cBaseType (so that a pointer to BaseType has 0 memory offset), makes it all work.

I think there must be some memory problem and that when calling AddRef and Release, not the correct adress is used.


NOTE: I Saw that my first post contained code snipped (the last one) that was exactly the same as the first, and thus must have made the post extra confusion. Really sorry about that!

The problem is a bug in AngelScript.

With the sample you provided it only took me 5 minutes to find the problem. When AngelScript is calling the AddRef/Release methods it doesn't use the code in as_callfunc_xxx.cpp, instead it calls the method directly by casting the function pointer to a known function signature, which is a lot faster than the more generic code in as_callfunc_xxx.cpp. Unfortunately in this code I had forgotten to properly adjust the this pointer for class methods on classes with multiple inheritance, hence the crash.

To fix the problem, please add the following line of code to as_scriptengine.cpp in CallObjectMethod (line 2851):


obj = (void*)(size_t(obj) + i->baseOffset);


It's funny how some bugs can live on for so long in the code without being detected. This particular bug is more than 5 years old.

Thanks a lot for the code that reproduces the problem. I'll be sure to add this to the regression test suite, and also check for problems in the other methods that call class methods directly.

Regards,
Andreas

Fix has been checked into the SVN (rev 879)