diff --git a/7.1.074 b/7.1.074
new file mode 100644
index 0000000..0911f4e
--- /dev/null
+++ b/7.1.074
@@ -0,0 +1,171 @@
+To: vim-dev@vim.org
+Subject: patch 7.1.074
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=ISO-8859-1
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.1.074
+Problem:    Crash when calling string() on a recurively nested List.
+Solution:   Check result value for being NULL. (Yukihiro Nakadaira)
+Files:	    src/eval.c
+
+
+*** ../vim-7.1.073/src/eval.c	Mon Aug  6 22:27:12 2007
+--- src/eval.c	Tue Aug 14 22:01:12 2007
+***************
+*** 6802,6808 ****
+   * "numbuf" is used for a number.
+   * Does not put quotes around strings, as ":echo" displays values.
+   * When "copyID" is not NULL replace recursive lists and dicts with "...".
+!  * May return NULL;
+   */
+      static char_u *
+  echo_string(tv, tofree, numbuf, copyID)
+--- 6802,6808 ----
+   * "numbuf" is used for a number.
+   * Does not put quotes around strings, as ":echo" displays values.
+   * When "copyID" is not NULL replace recursive lists and dicts with "...".
+!  * May return NULL.
+   */
+      static char_u *
+  echo_string(tv, tofree, numbuf, copyID)
+***************
+*** 6887,6893 ****
+   * If the memory is allocated "tofree" is set to it, otherwise NULL.
+   * "numbuf" is used for a number.
+   * Puts quotes around strings, so that they can be parsed back by eval().
+!  * May return NULL;
+   */
+      static char_u *
+  tv2string(tv, tofree, numbuf, copyID)
+--- 6887,6893 ----
+   * If the memory is allocated "tofree" is set to it, otherwise NULL.
+   * "numbuf" is used for a number.
+   * Puts quotes around strings, so that they can be parsed back by eval().
+!  * May return NULL.
+   */
+      static char_u *
+  tv2string(tv, tofree, numbuf, copyID)
+***************
+*** 14974,14979 ****
+--- 14974,14983 ----
+  
+      p1 = tv2string(&(*(listitem_T **)s1)->li_tv, &tofree1, numbuf1, 0);
+      p2 = tv2string(&(*(listitem_T **)s2)->li_tv, &tofree2, numbuf2, 0);
++     if (p1 == NULL)
++ 	p1 = (char_u *)"";
++     if (p2 == NULL)
++ 	p2 = (char_u *)"";
+      if (item_compare_ic)
+  	res = STRICMP(p1, p2);
+      else
+***************
+*** 15463,15469 ****
+  
+      rettv->v_type = VAR_STRING;
+      rettv->vval.v_string = tv2string(&argvars[0], &tofree, numbuf, 0);
+!     if (tofree == NULL)
+  	rettv->vval.v_string = vim_strsave(rettv->vval.v_string);
+  }
+  
+--- 15467,15474 ----
+  
+      rettv->v_type = VAR_STRING;
+      rettv->vval.v_string = tv2string(&argvars[0], &tofree, numbuf, 0);
+!     /* Make a copy if we have a value but it's not in allocate memory. */
+!     if (rettv->vval.v_string != NULL && tofree == NULL)
+  	rettv->vval.v_string = vim_strsave(rettv->vval.v_string);
+  }
+  
+***************
+*** 20167,20172 ****
+--- 20174,20180 ----
+  		char_u	buf[MSG_BUF_LEN];
+  		char_u	numbuf2[NUMBUFLEN];
+  		char_u	*tofree;
++ 		char_u	*s;
+  
+  		msg_puts((char_u *)"(");
+  		for (i = 0; i < argcount; ++i)
+***************
+*** 20177,20186 ****
+  			msg_outnum((long)argvars[i].vval.v_number);
+  		    else
+  		    {
+! 			trunc_string(tv2string(&argvars[i], &tofree,
+! 					      numbuf2, 0), buf, MSG_BUF_CLEN);
+! 			msg_puts(buf);
+! 			vim_free(tofree);
+  		    }
+  		}
+  		msg_puts((char_u *)")");
+--- 20185,20197 ----
+  			msg_outnum((long)argvars[i].vval.v_number);
+  		    else
+  		    {
+! 			s = tv2string(&argvars[i], &tofree, numbuf2, 0);
+! 			if (s != NULL)
+! 			{
+! 			    trunc_string(s, buf, MSG_BUF_CLEN);
+! 			    msg_puts(buf);
+! 			    vim_free(tofree);
+! 			}
+  		    }
+  		}
+  		msg_puts((char_u *)")");
+***************
+*** 20258,20271 ****
+  	    char_u	buf[MSG_BUF_LEN];
+  	    char_u	numbuf2[NUMBUFLEN];
+  	    char_u	*tofree;
+  
+  	    /* The value may be very long.  Skip the middle part, so that we
+  	     * have some idea how it starts and ends. smsg() would always
+  	     * truncate it at the end. */
+! 	    trunc_string(tv2string(fc.rettv, &tofree, numbuf2, 0),
+! 							   buf, MSG_BUF_CLEN);
+! 	    smsg((char_u *)_("%s returning %s"), sourcing_name, buf);
+! 	    vim_free(tofree);
+  	}
+  	msg_puts((char_u *)"\n");   /* don't overwrite this either */
+  
+--- 20269,20286 ----
+  	    char_u	buf[MSG_BUF_LEN];
+  	    char_u	numbuf2[NUMBUFLEN];
+  	    char_u	*tofree;
++ 	    char_u	*s;
+  
+  	    /* The value may be very long.  Skip the middle part, so that we
+  	     * have some idea how it starts and ends. smsg() would always
+  	     * truncate it at the end. */
+! 	    s = tv2string(fc.rettv, &tofree, numbuf2, 0);
+! 	    if (s != NULL)
+! 	    {
+! 		trunc_string(s, buf, MSG_BUF_CLEN);
+! 		smsg((char_u *)_("%s returning %s"), sourcing_name, buf);
+! 		vim_free(tofree);
+! 	    }
+  	}
+  	msg_puts((char_u *)"\n");   /* don't overwrite this either */
+  
+*** ../vim-7.1.073/src/version.c	Tue Aug 14 22:15:53 2007
+--- src/version.c	Tue Aug 14 22:27:24 2007
+***************
+*** 668,669 ****
+--- 668,671 ----
+  {   /* Add new patch number below this line */
++ /**/
++     74,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+159. You get excited whenever discussing your hard drive.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\        download, build and distribute -- http://www.A-A-P.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///