From fc787e435aba0f173ad7afa7e7cdcc47fece2b73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Sim=C3=B5es?= <jose.simoes@eclo.solutions>
Date: Thu, 13 Nov 2025 16:04:07 +0000
Subject: [PATCH] Fix accessing a null element in a byref array

- Code now grabs element type from array instead of element when element is null.
---
 src/CLR/Core/TypeSystem.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/CLR/Core/TypeSystem.cpp b/src/CLR/Core/TypeSystem.cpp
index f1948f1da0..d13f6633db 100644
--- a/src/CLR/Core/TypeSystem.cpp
+++ b/src/CLR/Core/TypeSystem.cpp
@@ -2546,6 +2546,16 @@ HRESULT CLR_RT_TypeDescriptor::InitializeFromObject(const CLR_RT_HeapBlock &ref)
                 {
                     obj = (CLR_RT_HeapBlock *)array->GetElement(obj->ArrayIndex());
 
+                    // For reference arrays, if the element is null, we need to get the type from the array's element
+                    // type rather than trying to dereference a null object
+                    if (obj->Dereference() == nullptr)
+                    {
+                        // Use the array's element type.
+                        // Keep 'reflex' null to avoid carrying array levels when returning an element type.
+                        cls = &(array->ReflectionDataConst().data.type);
+                        break;
+                    }
+
                     NANOCLR_SET_AND_LEAVE(InitializeFromObject(*obj));
                 }