The crash happens maybe a few times per year, and eventually resolved to the following guard with the error "Tailq for buffer \xc8 is empty", but I'm not sure how \xc8 is getting there, maybe I'm lingering on a control key or something whilst flailing at the keyboard. Some idle testing with "<various control keys here>p did not reproduce the issue; the buffer needs to be not empty, but not have a queue??
--- usr.bin/vi/common/put.c +++ usr.bin/vi/common/put.c @@ -57,6 +57,10 @@ put(SCR *sp, CB *cbp, CHAR_T *namep, MARK *cp, MARK *rp, int append) } } } + if (TAILQ_EMPTY(&cbp->textq)) { + msgq(sp, M_ERR, "Tailq for buffer %s is empty", KEY_NAME(sp, name)); + return (1); + } tp = TAILQ_FIRST(&cbp->textq); /*