It seems thatShelter may callUNPROTECT with highern than the number ofPROTECT calls it issued because it increments thenprotected member even forNILSXPs, which are however ignored inRcpp_protect. This does not cause a crash on GNU-R for some reason, but if there are some preexistingSEXPs on the protection stack, it may pop them out unintentionally.

Suggested patch:

--- a/inst/include/Rcpp/protection/Shelter.h+++ b/inst/include/Rcpp/protection/Shelter.h@@ -26,7 +26,7 @@ namespace Rcpp {         Shelter() : nprotected(0){}          inline SEXP operator()(SEXP x){-            nprotected++;+           if ( x != R_NilValue ) nprotected++;             return Rcpp_protect(x) ;         }

the same measure is already taken inShield:

        Shield( SEXP t_) : t(Rcpp_protect(t_)){}        ~Shield(){            if( t != R_NilValue ) Rcpp_unprotect(1) ;        }

Some code snippets that trigger this issue were reported to FastR, but as noted above, they do not cause any observable issues on GNU-R

oracle/fastr#53
oracle/fastr#50