When accessing an array of boxed elements (ex. java.lang.Integer) via reflection, the VM segfaults. The problem is that our array access functions (ie. array_element_set) unbox the boxed primitive ignoring the actual type of the destination array. This leads to the primitive value being written into the object-array. The following is a snippet of the SEGV log: LOG: [0x00002aaaab2346d0] We received a SIGSEGV and tried to handle it, but we were LOG: [0x00002aaaab2346d0] unable to find a Java method at: LOG: [0x00002aaaab2346d0] LOG: [0x00002aaaab2346d0] PC=0x00002aaaab308311 LOG: [0x00002aaaab2346d0] LOG: [0x00002aaaab2346d0] Dumping the current stacktrace: at java.lang.reflect.Array.set(Ljava/lang/Object;ILjava/lang/Object;)V(Native Method) at PR119.test()V(PR119.java:37) [...] I have already written a regression test and will commit it in a second. I have only tested this with OpenJDK so far, but I suspect GNU Classpath is not being affected. This is a critical bug because it can be exploited easily.