> Patch 7.3.715
> Problem:    Crash when calling setloclist() in BufUnload autocmd. (Marcin
>        Szamotulski)
> Solution:   Set w_llist to NULL when it was freed.  Also add a test.
>        (Christian Brabandt)
> Files:         src/quickfix.c, src/testdir/test49.ok, src/testdir/test49.vim

> *** ../vim-7.3.714/src/quickfix.c  2012-06-29 12:57:03.000000000 +0200
> --- src/quickfix.c 2012-11-14 22:33:20.000000000 +0100
> ***************
> *** 107,113 ****
>   };

>   static int       qf_init_ext __ARGS((qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title));
> ! static void      qf_new_list __ARGS((qf_info_T *qi, char_u *qf_title));
>   static void      ll_free_all __ARGS((qf_info_T **pqi));
>   static int       qf_add_entry __ARGS((qf_info_T *qi, qfline_T **prevp, char_u *dir, char_u *fname, int bufnum, char_u *mesg, long lnum, int col, int vis_col, char_u *pattern, int nr, int type, int valid));
>   static qf_info_T *ll_new_list __ARGS((void));
> --- 107,113 ----
>   };

>   static int       qf_init_ext __ARGS((qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title));
> ! static void      qf_new_list __ARGS((qf_info_T *qi, char_u *qf_title, win_T *wp));
>   static void      ll_free_all __ARGS((qf_info_T **pqi));
>   static int       qf_add_entry __ARGS((qf_info_T *qi, qfline_T **prevp, char_u *dir, char_u *fname, int bufnum, char_u *mesg, long lnum, int col, int vis_col, char_u *pattern, int nr, int type, int valid));
>   static qf_info_T *ll_new_list __ARGS((void));
> ***************
> *** 266,272 ****

>       if (newlist || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, qf_title);
>       else if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (qfprev = qi->qf_lists[qi->qf_curlist].qf_start;
> --- 266,272 ----

>       if (newlist || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, qf_title, curwin);
>       else if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (qfprev = qi->qf_lists[qi->qf_curlist].qf_start;
> ***************
> *** 885,893 ****
>    * Prepare for adding a new quickfix list.
>    */
>       static void
> ! qf_new_list(qi, qf_title)
>       qf_info_T    *qi;
>       char_u       *qf_title;
>   {
>       int          i;

> --- 885,894 ----
>    * Prepare for adding a new quickfix list.
>    */
>       static void
> ! qf_new_list(qi, qf_title, wp)
>       qf_info_T    *qi;
>       char_u       *qf_title;
> +     win_T        *wp;
>   {
>       int          i;

> ***************
> *** 897,903 ****
> --- 898,908 ----
>        * way with ":grep'.
>        */
>       while (qi->qf_listcount > qi->qf_curlist + 1)
> +     {
> +  if (wp != NULL && wp->w_llist == qi)
> +      wp->w_llist = NULL;
>    qf_free(qi, --qi->qf_listcount);
> +     }

>       /*
>        * When the stack is full, remove to oldest entry
> ***************
> *** 905,910 ****
> --- 910,917 ----
>        */
>       if (qi->qf_listcount == LISTCOUNT)
>       {
> +  if (wp != NULL && wp->w_llist == qi)
> +      wp->w_llist = NULL;
>    qf_free(qi, 0);
>    for (i = 1; i < LISTCOUNT; ++i)
>        qi->qf_lists[i - 1] = qi->qf_lists[i];
> ***************
> *** 3181,3187 ****
>     eap->cmdidx != CMD_vimgrepadd && eap->cmdidx != CMD_lvimgrepadd)
>                                    || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, *eap->cmdlinep);
>       else if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (prevp = qi->qf_lists[qi->qf_curlist].qf_start;
> --- 3188,3194 ----
>     eap->cmdidx != CMD_vimgrepadd && eap->cmdidx != CMD_lvimgrepadd)
>                                    || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, *eap->cmdlinep, curwin);
>       else if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (prevp = qi->qf_lists[qi->qf_curlist].qf_start;
> ***************
> *** 3747,3753 ****

>       if (action == ' ' || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, title);
>       else if (action == 'a' && qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (prevp = qi->qf_lists[qi->qf_curlist].qf_start;
> --- 3754,3760 ----

>       if (action == ' ' || qi->qf_curlist == qi->qf_listcount)
>    /* make place for a new list */
> !  qf_new_list(qi, title, wp);
>       else if (action == 'a' && qi->qf_lists[qi->qf_curlist].qf_count > 0)
>    /* Adding to existing list, find last entry. */
>    for (prevp = qi->qf_lists[qi->qf_curlist].qf_start;
> ***************
> *** 4029,4035 ****
>   #endif

>    /* create a new quickfix list */
> !  qf_new_list(qi, *eap->cmdlinep);

>    /* Go through all directories in 'runtimepath' */
>    p = p_rtp;
> --- 4036,4042 ----
>   #endif

>    /* create a new quickfix list */
> !  qf_new_list(qi, *eap->cmdlinep, wp);

>    /* Go through all directories in 'runtimepath' */
>    p = p_rtp;
> *** ../vim-7.3.714/src/testdir/test49.ok   2010-08-15 21:57:29.000000000 +0200
> --- src/testdir/test49.ok  2012-11-14 22:26:13.000000000 +0100
> ***************
> *** 85,92 ****
>   *** Test  83: OK (2835)
>   *** Test  84: OK (934782101)
>   *** Test  85: OK (198689)
> ! --- Test  86: All tests were run with throwing exceptions on error.
>          The $VIMNOERRTHROW control is not configured.
> ! --- Test  86: All tests were run with throwing exceptions on interrupt.
>          The $VIMNOINTTHROW control is not configured.
> ! *** Test  86: OK (50443995)
> --- 85,94 ----
>   *** Test  83: OK (2835)
>   *** Test  84: OK (934782101)
>   *** Test  85: OK (198689)
> ! --- Test  86: No Crash for vimgrep on BufUnload
> ! *** Test  86: OK (0)
> ! --- Test  87: All tests were run with throwing exceptions on error.
>          The $VIMNOERRTHROW control is not configured.
> ! --- Test  87: All tests were run with throwing exceptions on interrupt.
>          The $VIMNOINTTHROW control is not configured.
> ! *** Test  87: OK (50443995)
> *** ../vim-7.3.714/src/testdir/test49.vim  2010-09-29 16:55:45.000000000 +0200
> --- src/testdir/test49.vim 2012-11-14 22:26:13.000000000 +0100
> ***************
> *** 9603,9611 ****

>   Xcheck 198689

>   "-------------------------------------------------------------------------- -----
> ! " Test 86:  $VIMNOERRTHROW and $VIMNOINTTHROW support                           {{{1
>   "
>   "       It is possible to configure Vim for throwing exceptions on error
>   "       or interrupt, controlled by variables $VIMNOERRTHROW and
> --- 9603,9630 ----

>   Xcheck 198689

> + "-------------------------------------------------------------------------- -----
> + " Test 86   setloclist crash                                                    {{{1
> + "
> + "       Executing a setloclist() on BufUnload shouldn't crash Vim
> + "-------------------------------------------------------------------------- -----
> +
> + func F
> +     au BufUnload * :call setloclist(0, [{'bufnr':1, 'lnum':1, 'col':1, 'text': 'tango down'}])
> +
> +     :lvimgrep /.*/ *
> + endfunc
> +
> + XpathINIT
> +
> + ExecAsScript F
> +
> + delfunction F
> + Xout  "No Crash for vimgrep on BufUnload"
> + Xcheck 0

>   "-------------------------------------------------------------------------- -----
> ! " Test 87:  $VIMNOERRTHROW and $VIMNOINTTHROW support                           {{{1
>   "
>   "       It is possible to configure Vim for throwing exceptions on error
>   "       or interrupt, controlled by variables $VIMNOERRTHROW and
> *** ../vim-7.3.714/src/version.c   2012-11-14 20:52:22.000000000 +0100
> --- src/version.c  2012-11-14 22:36:45.000000000 +0100
> ***************
> *** 727,728 ****
> --- 727,730 ----
>   {   /* Add new patch number below this line */
> + /**/
> +     715,
>   /**/

> --
> One difference between a man and a machine is that a machine is quiet
> when well oiled.

>  /// Bram Moolenaar -- B...@Moolenaar.net -- http://www.Moolenaar.net   \\\
> ///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
> \\\  an exciting new programming language -- http://www.Zimbu.org        ///
>  \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///

> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php

> In my day to day work i use vim in combination with syntastic to do some
> linting for me. Since this patch i have frequent segfaults when
> syntastic kicks in. It seems related to this patch, maybe not immediatly
> due to setloclist itself but something related with quickfix.

> I'm sorry but atm i have no idea where to search.

> For now i'm stuck on 7.3.714 since that version can keep me working all
> day long.

> some output:
> --- start terminal output ---
> vim
> Vim: fataal signaal gevangen SEGV

> Vim: Finished.
> Segmentatiefout
> --- end terminal output ---

> > In my day to day work i use vim in combination with syntastic to do some
> > linting for me. Since this patch i have frequent segfaults when
> > syntastic kicks in. It seems related to this patch, maybe not immediatly
> > due to setloclist itself but something related with quickfix.

> > I'm sorry but atm i have no idea where to search.

> > For now i'm stuck on 7.3.714 since that version can keep me working all
> > day long.

> > some output:
> > --- start terminal output ---
> > vim
> > Vim: fataal signaal gevangen SEGV

> > Vim: Finished.
> > Segmentatiefout
> > --- end terminal output ---

> It would help, if you can craft a reproducible example. I have no idea,
> what syntastic is doing.

> regards,
> Christian

> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php

> > > In my day to day work i use vim in combination with syntastic to do some
> > > linting for me. Since this patch i have frequent segfaults when
> > > syntastic kicks in. It seems related to this patch, maybe not immediatly
> > > due to setloclist itself but something related with quickfix.

> > > I'm sorry but atm i have no idea where to search.

> > > For now i'm stuck on 7.3.714 since that version can keep me working all
> > > day long.

> > > some output:
> > > --- start terminal output ---
> > > vim
> > > Vim: fataal signaal gevangen SEGV

> > > Vim: Finished.
> > > Segmentatiefout
> > > --- end terminal output ---

> > It would help, if you can craft a reproducible example. I have no idea,
> > what syntastic is doing.

> > regards,
> > Christian

> > --
> > You received this message from the "vim_dev" maillist.
> > Do not top-post! Type your reply below the text you are replying to.
> > For more information, visit http://www.vim.org/maillist.php

> When i'm back at home i'll try to find a way to reproduce this problem
> consistently. I've had segfaults in many occasions but I dont yet have a
> pattern to make sure the segfault happens.

> I'm also not sure the problem lies in the patch itself but it was the
> trigger.

> --
> Ike

> > > > Anyone else having issues with this patch ?

> > > > In my day to day work i use vim in combination with syntastic to do
> > > > some
> > > > linting for me. Since this patch i have frequent segfaults when
> > > > syntastic kicks in. It seems related to this patch, maybe not
> > > > immediatly
> > > > due to setloclist itself but something related with quickfix.

> > > > I'm sorry but atm i have no idea where to search.

> > > > For now i'm stuck on 7.3.714 since that version can keep me working
> > > > all
> > > > day long.

> > > > some output:
> > > > --- start terminal output ---
> > > > vim
> > > > Vim: fataal signaal gevangen SEGV

> > > > Vim: Finished.
> > > > Segmentatiefout
> > > > --- end terminal output ---

> > > It would help, if you can craft a reproducible example. I have no idea,
> > > what syntastic is doing.

> > > regards,
> > > Christian

> > When i'm back at home i'll try to find a way to reproduce this problem
> > consistently. I've had segfaults in many occasions but I dont yet have a
> > pattern to make sure the segfault happens.

> > I'm also not sure the problem lies in the patch itself but it was the
> > trigger.

> i attach a minimum configuration + testfile where i have consistent
> segfaults on.

> within the archive you can find index.php, it has a syntax error, the
> following steps lead to segfault:

> vim index.php
> - :w (with the syntax error, syntastic kicks in)
> - goto end of phpinfo() and add ; :w (error is gone)
> - undo u
> - :w -> segfault

> uname -a:
> Linux 3.6.7 #1 SMP PREEMPT Sun Nov 18 09:53:58 CET 2012 x86_64 GNU/Linux
> distribution Arch Linux

> configure:
> ./configure --prefix=/usr --localstatedir=/var/lib/vim \
>    --mandir=/usr/share/man --with-compiledby=BlackEagle \
>    --with-features=huge --enable-gpm --enable-acl --with-x=no \
>    --disable-gui --enable-multibyte --enable-cscope \
>    --disable-netbeans --enable-perlinterp=dynamic \
>    --enable-pythoninterp=dynamic --enable-python3interp=dynamic \
>    --enable-rubyinterp=dynamic --enable-luainterp=dynamic

> now tested with version 7.3.725, first noticed with 7.3.718 and then
> detected that the problem went away when going back to 7.3.714

> to be able to build ruby dynamic on my machine i also needed the patch
> of Ken Takata in the 7.3.721 thread:
> https://groups.google.com/forum/?fromgroups=#!topic/vim_dev/-pxkvVyWZdo

> thx for looking into this

>> within the archive you can find index.php, it has a syntax error, the
>> following steps lead to segfault:

>> vim index.php
>> - :w (with the syntax error, syntastic kicks in)
>> - goto end of phpinfo() and add ; :w (error is gone)
>> - undo u
>> - :w -> segfault

>> uname -a:
>> Linux 3.6.7 #1 SMP PREEMPT Sun Nov 18 09:53:58 CET 2012 x86_64 GNU/Linux
>> distribution Arch Linux

>> configure:
>> ./configure --prefix=/usr --localstatedir=/var/lib/vim \
>>       --mandir=/usr/share/man --with-compiledby=BlackEagle \
>>       --with-features=huge --enable-gpm --enable-acl --with-x=no \
>>       --disable-gui --enable-multibyte --enable-cscope \
>>       --disable-netbeans --enable-perlinterp=dynamic \
>>       --enable-pythoninterp=dynamic --enable-python3interp=dynamic \
>>       --enable-rubyinterp=dynamic --enable-luainterp=dynamic

>> now tested with version 7.3.725, first noticed with 7.3.718 and then
>> detected that the problem went away when going back to 7.3.714

>> to be able to build ruby dynamic on my machine i also needed the patch
>> of Ken Takata in the 7.3.721 thread:
>> https://groups.google.com/forum/?fromgroups=#!topic/vim_dev/-pxkvVyWZdo

>> thx for looking into this

> ok i forgot on pre-requisite: you must have php installed so the syntastic
> plugin can run php -l to get the syntax error showing.

> --Ike

> 2861     if (wp != NULL)
> 2862         qi = GET_LOC_LIST(wp);
> 2863 #ifdef FEAT_AUTOCMD
> 2864     if (au_name != NULL)
> 2865     {
> 2866         apply_autocmds(EVENT_QUICKFIXCMDPOST, au_name,
> 2867                                                curbuf->b_fname,
> TRUE, curbuf);
> 2868         if (qi->qf_curlist < qi->qf_listcount)
> 2869             res = qi->qf_lists[qi->qf_curlist].qf_count;
> 2870         else
> 2871             res = 0;
> 2872     }

[…]
> Vim: Caught deadly signal SEGV
> Vim: Finished.
> Segmentation fault (core dumped)

> I don't know yet why some pointers are NULL but perhaps someone
> can make sense of it.

> On Do, 22 Nov 2012, Dominique Pellé wrote:

>> quickfix.c:

>> 2861     if (wp != NULL)
>> 2862         qi = GET_LOC_LIST(wp);
>> 2863 #ifdef FEAT_AUTOCMD
>> 2864     if (au_name != NULL)
>> 2865     {
>> 2866         apply_autocmds(EVENT_QUICKFIXCMDPOST, au_name,
>> 2867                                                curbuf->b_fname,
>> TRUE, curbuf);
>> 2868         if (qi->qf_curlist < qi->qf_listcount)
>> 2869             res = qi->qf_lists[qi->qf_curlist].qf_count;
>> 2870         else
>> 2871             res = 0;
>> 2872     }

> […]
>> Vim: Caught deadly signal SEGV
>> Vim: Finished.
>> Segmentation fault (core dumped)

>> I don't know yet why some pointers are NULL but perhaps someone
>> can make sense of it.

> I see. Try this patch:
> diff --git a/src/quickfix.c b/src/quickfix.c
> --- a/src/quickfix.c
> +++ b/src/quickfix.c
> @@ -2863,7 +2863,7 @@
>      {
>         apply_autocmds(EVENT_QUICKFIXCMDPOST, au_name,
>                                                curbuf->b_fname, TRUE, curbuf);
> -       if (qi->qf_curlist < qi->qf_listcount)
> +       if (qi != NULL && qi->qf_curlist < qi->qf_listcount)
>             res = qi->qf_lists[qi->qf_curlist].qf_count;
>         else
>             res = 0;

> regards,
> Christian

> wp->w_llist was set to NULL at line quickfix.c:914 which
> was introduced by chane 3918 according to hg annotate:

>  911 vimboss  644:     if (qi->qf_listcount == LISTCOUNT)
>  912 vimboss    7:     {
>  913    bram 3918:   if (wp != NULL && wp->w_llist == qi)
>  914    bram 3918:       wp->w_llist = NULL;
>  915 vimboss  644:   qf_free(qi, 0);

> ===
> changeset:   3918:4f0ddf4137ee
> tag:         v7-3-715
> user:        Bram Moolenaar <b...@vim.org>
> date:        Wed Nov 14 22:38:08 2012 +0100
> files:       src/quickfix.c src/testdir/test49.ok
> src/testdir/test49.vim src/version.c
> description:
> updated for version 7.3.715
> Problem:    Crash when calling setloclist() in BufUnload autocmd. (Marcin
>        Szamotulski)
> Solution:   Set w_llist to NULL when it was freed.  Also add a test.
>        (Christian Brabandt)
> ===

> I find it odd that a function called qf_new_list() clears
> wp->w_llist (set it to NULL) and does not set it back
> to something else. The name of the function "qf_new_list()"
> suggests that it should create another list, so perhaps
> it should set wp->w_llist to something else. But I don't
> understand the code here.

> On Do, 22 Nov 2012, Dominique Pell wrote:

> > I can't tell whether that's the right fix, but I confirm that
> > your proposed change avoids the crash at least.

> > wp->w_llist was set to NULL at line quickfix.c:914 which
> > was introduced by chane 3918 according to hg annotate:

> >  911 vimboss  644:     if (qi->qf_listcount == LISTCOUNT)
> >  912 vimboss    7:     {
> >  913    bram 3918:   if (wp != NULL && wp->w_llist == qi)
> >  914    bram 3918:       wp->w_llist = NULL;
> >  915 vimboss  644:   qf_free(qi, 0);

> > ===
> > changeset:   3918:4f0ddf4137ee
> > tag:         v7-3-715
> > user:        Bram Moolenaar <b...@vim.org>
> > date:        Wed Nov 14 22:38:08 2012 +0100
> > files:       src/quickfix.c src/testdir/test49.ok
> > src/testdir/test49.vim src/version.c
> > description:
> > updated for version 7.3.715
> > Problem:    Crash when calling setloclist() in BufUnload autocmd. (Marcin
> >           Szamotulski)
> > Solution:   Set w_llist to NULL when it was freed.  Also add a test.
> >           (Christian Brabandt)
> > ===

> > I find it odd that a function called qf_new_list() clears
> > wp->w_llist (set it to NULL) and does not set it back
> > to something else. The name of the function "qf_new_list()"
> > suggests that it should create another list, so perhaps
> > it should set wp->w_llist to something else. But I don't
> > understand the code here.

> Indeed. I think GET_LOC_LIST should be defined as
> ll_get_or_alloc_list(wp)

> Christian Brabandt wrote:

> > Hi Dominique!

> > On Do, 22 Nov 2012, Dominique Pell wrote:

> > > I can't tell whether that's the right fix, but I confirm that
> > > your proposed change avoids the crash at least.

> > > wp->w_llist was set to NULL at line quickfix.c:914 which
> > > was introduced by chane 3918 according to hg annotate:

> > >  911 vimboss  644:     if (qi->qf_listcount == LISTCOUNT)
> > >  912 vimboss    7:     {
> > >  913    bram 3918:   if (wp != NULL && wp->w_llist == qi)
> > >  914    bram 3918:       wp->w_llist = NULL;
> > >  915 vimboss  644:   qf_free(qi, 0);

> > > ===
> > > changeset:   3918:4f0ddf4137ee
> > > tag:         v7-3-715
> > > user:        Bram Moolenaar <b...@vim.org>
> > > date:        Wed Nov 14 22:38:08 2012 +0100
> > > files:       src/quickfix.c src/testdir/test49.ok
> > > src/testdir/test49.vim src/version.c
> > > description:
> > > updated for version 7.3.715
> > > Problem:    Crash when calling setloclist() in BufUnload autocmd. (Marcin
> > >      Szamotulski)
> > > Solution:   Set w_llist to NULL when it was freed.  Also add a test.
> > >      (Christian Brabandt)
> > > ===

> > > I find it odd that a function called qf_new_list() clears
> > > wp->w_llist (set it to NULL) and does not set it back
> > > to something else. The name of the function "qf_new_list()"
> > > suggests that it should create another list, so perhaps
> > > it should set wp->w_llist to something else. But I don't
> > > understand the code here.

> > Indeed. I think GET_LOC_LIST should be defined as
> > ll_get_or_alloc_list(wp)

> ll_get_or_alloc_list() can still return NULL, thus your check is needed
> anyway.

> On Fr, 23 Nov 2012, Bram Moolenaar wrote:
> > Christian Brabandt wrote:
> > > Hi Dominique!

> > > On Do, 22 Nov 2012, Dominique Pellé wrote:
> > > > I can't tell whether that's the right fix, but I confirm that
> > > > your proposed change avoids the crash at least.

> > > > wp->w_llist was set to NULL at line quickfix.c:914 which

> > > > was introduced by chane 3918 according to hg annotate:
> > > >  911 vimboss  644:     if (qi->qf_listcount == LISTCOUNT)
> > > >  912 vimboss    7:     {
> > > >  913    bram 3918:   if (wp != NULL && wp->w_llist == qi)
> > > >  914    bram 3918:       wp->w_llist = NULL;
> > > >  915 vimboss  644:   qf_free(qi, 0);

> > > > ===
> > > > changeset:   3918:4f0ddf4137ee
> > > > tag:         v7-3-715
> > > > user:        Bram Moolenaar <b...@vim.org>
> > > > date:        Wed Nov 14 22:38:08 2012 +0100
> > > > files:       src/quickfix.c src/testdir/test49.ok
> > > > src/testdir/test49.vim src/version.c
> > > > description:
> > > > updated for version 7.3.715
> > > > Problem:    Crash when calling setloclist() in BufUnload autocmd.
> > > > (Marcin

> > > >         Szamotulski)

> > > > Solution:   Set w_llist to NULL when it was freed.  Also add a test.

> > > >         (Christian Brabandt)

> > > > ===

> > > > I find it odd that a function called qf_new_list() clears
> > > > wp->w_llist (set it to NULL) and does not set it back
> > > > to something else. The name of the function "qf_new_list()"
> > > > suggests that it should create another list, so perhaps
> > > > it should set wp->w_llist to something else. But I don't
> > > > understand the code here.

> > > Indeed. I think GET_LOC_LIST should be defined as
> > > ll_get_or_alloc_list(wp)

> > ll_get_or_alloc_list() can still return NULL, thus your check is needed
> > anyway.

> It is still not right so. I'll look into it later.

> regards,
> Christian

> same configuration as before, same file (index.php)
> - open index.php (it still has the syntax error
> - :w (syntastic kicks in)
> - fix the error by adding ; after phpinfo()
> - :w (no more error in the file)
> - remove the ; again
> - :w (syntastic kicks in)
> - :w ->E776: No location list

> "index.php" 2L, 16C written
> Error detected while processing function
> <SNR>31_UpdateErrors..<SNR>31_AutoToggleLocList..<SNR>31_ShowLocList:
> line    3:
> E776: No location list
> Press ENTER or type command to continue

> no crash in this case, if i continue after this issue i get a second quickfix
> buffer.

> thx for the intermediate fix it is definatly an improvement.

> On Fr, 23 Nov 2012, Ike Devolder wrote:
> > but the following i can reproduce every time:

> > same configuration as before, same file (index.php)
> > - open index.php (it still has the syntax error
> > - :w (syntastic kicks in)
> > - fix the error by adding ; after phpinfo()
> > - :w (no more error in the file)
> > - remove the ; again
> > - :w (syntastic kicks in)
> > - :w ->E776: No location list

> > "index.php" 2L, 16C written
> > Error detected while processing function
> > <SNR>31_UpdateErrors..<SNR>31_AutoToggleLocList..<SNR>31_ShowLocList:
> > line    3:
> > E776: No location list
> > Press ENTER or type command to continue

> > no crash in this case, if i continue after this issue i get a second quickfix
> > buffer.

> > thx for the intermediate fix it is definatly an improvement.

> The following patch seems to fix all the issues mentioned so far. It
> basically does this by reverting Patch 7.3.715 and making sure, no data
> is freed more than once. Unfortunately, I have not been able to come up
> with a simple test case for the syntastic problem, that could be
> included.

> If anybody can come up with such a test (using no plugin, but just using
> vim -u NONE -U NONE -N) a tip is appreciated.

> On Fr, 23 Nov 2012, Ike Devolder wrote:
> > but the following i can reproduce every time:

> > same configuration as before, same file (index.php)
> > - open index.php (it still has the syntax error
> > - :w (syntastic kicks in)
> > - fix the error by adding ; after phpinfo()
> > - :w (no more error in the file)
> > - remove the ; again
> > - :w (syntastic kicks in)
> > - :w ->E776: No location list

> > "index.php" 2L, 16C written
> > Error detected while processing function
> > <SNR>31_UpdateErrors..<SNR>31_AutoToggleLocList..<SNR>31_ShowLocList:
> > line    3:
> > E776: No location list
> > Press ENTER or type command to continue

> > no crash in this case, if i continue after this issue i get a second quickfix
> > buffer.

> > thx for the intermediate fix it is definatly an improvement.

> The following patch seems to fix all the issues mentioned so far. It
> basically does this by reverting Patch 7.3.715 and making sure, no data
> is freed more than once. Unfortunately, I have not been able to come up
> with a simple test case for the syntastic problem, that could be
> included.

> If anybody can come up with such a test (using no plugin, but just using
> vim -u NONE -U NONE -N) a tip is appreciated.

> regards,
> Christian
> --
> Ich bin geldgierig. Als Finanzminister mu man geldgierig sein.
>            -- Hans Eichel

> --
> You received this message from the "vim_dev" maillist.
> Do not top-post! Type your reply below the text you are replying to.
> For more information, visit http://www.vim.org/maillist.php
> diff --git a/src/quickfix.c b/src/quickfix.c
> --- a/src/quickfix.c
> +++ b/src/quickfix.c
> @@ -898,11 +898,7 @@
>       * way with ":grep'.
>       */
>      while (qi->qf_listcount > qi->qf_curlist + 1)
> -    {
> -  if (wp != NULL && wp->w_llist == qi)
> -      wp->w_llist = NULL;
>    qf_free(qi, --qi->qf_listcount);
> -    }

>      /*
>       * When the stack is full, remove to oldest entry
> @@ -910,8 +906,6 @@
>       */
>      if (qi->qf_listcount == LISTCOUNT)
>      {
> -  if (wp != NULL && wp->w_llist == qi)
> -      wp->w_llist = NULL;
>    qf_free(qi, 0);
>    for (i = 1; i < LISTCOUNT; ++i)
>        qi->qf_lists[i - 1] = qi->qf_lists[i];
> @@ -2135,13 +2129,17 @@
>      while (qi->qf_lists[idx].qf_count)
>      {
>    qfp = qi->qf_lists[idx].qf_start->qf_next;
> -  vim_free(qi->qf_lists[idx].qf_start->qf_text);
> -  vim_free(qi->qf_lists[idx].qf_start->qf_pattern);
> -  vim_free(qi->qf_lists[idx].qf_start);
> +  if (qi->qf_lists[idx].qf_title != NULL)
> +  {
> +      vim_free(qi->qf_lists[idx].qf_start->qf_text);
> +      vim_free(qi->qf_lists[idx].qf_start->qf_pattern);
> +      vim_free(qi->qf_lists[idx].qf_start);
> +  }
>    qi->qf_lists[idx].qf_start = qfp;
>    --qi->qf_lists[idx].qf_count;
>      }
> -    vim_free(qi->qf_lists[idx].qf_title);
> +    if (qi->qf_lists[idx].qf_title != NULL)
> +  vim_free(qi->qf_lists[idx].qf_title);
>      qi->qf_lists[idx].qf_title = NULL;
>  }