This is another error reported by PVS, though I now have no opinion on what to do with this. Offending code is qi != save_qi condition in

    /* Autocommands may change the list. Save it for later comparison */
    save_qi = qi;
…
	if (!new_qi && qi != save_qi && qf_find_buf(qi) == NULL)
	    /* autocommands made "qi" invalid */
	    return;

The problem here is that if you analyze the code between assigning save_qi and qi you will see that

1. There are no goto to the location before assigning save_qi, specifically to the start of the function where qi is initially assigned. Actually no labels anywhere in function.
2. qi is not assigned to.
3. &qi is not passed anywhere in the whole function (qi is passed, but it would do nothing to mess with save_qi == qi condition). And it is a local variable, so it would not be possible to change it otherwise.

This means no matter what, autocommands cannot “make "qi" invalid” like comment suggests as long as qi != save_qi is inside a condition. Also autocommands may not change qi, only whatever memory qi points to. Obviously, code is somehow wrong. But I do not know what is the right variant.

// BTW, is it intentional that QuickFixCmdPost run from :[l]helpgrep ignores absense of nested flag? I can get E218 with vim -u NORC -i NONE -N --cmd 'au QuickFixCmdPost * :bwipeout! | lhelpgrep b' --cmd 'lhelpgrep a' (though still not something like double free crash I initially expected).