2007-03-15  Geoffrey Keating  <geoffk@apple.com>

	* cp-demangle.c (d_encoding): Exit early on error.
	(d_pointer_to_member_type): Exit early if cplus_demangle_type
	returns NULL.
	(cplus_demangle_type): Likewise.
	* testsuite/demangle-expected: New testcase.

Index: libiberty/testsuite/demangle-expected
===================================================================
--- libiberty/testsuite/demangle-expected	(revision 122878)
+++ libiberty/testsuite/demangle-expected	(working copy)
@@ -3838,3 +3838,7 @@
 --format=gnu-v3
 _ZNT
 _ZNT
+# Dereferencing NULL in d_pointer_to_member_type
+--format=gnu-v3
+_Z1aMark
+_Z1aMark
Index: libiberty/cp-demangle.c
===================================================================
--- libiberty/cp-demangle.c	(revision 122878)
+++ libiberty/cp-demangle.c	(working copy)
@@ -1067,7 +1067,7 @@
 	}
 
       peek = d_peek_char (di);
-      if (peek == '\0' || peek == 'E')
+      if (dc == NULL || peek == '\0' || peek == 'E')
 	return dc;
       return d_make_comp (di, DEMANGLE_COMPONENT_TYPED_NAME, dc,
 			  d_bare_function_type (di, has_return_type (dc)));
@@ -1780,7 +1780,7 @@
       if (pret == NULL)
 	return NULL;
       *pret = cplus_demangle_type (di);
-      if (! d_add_substitution (di, ret))
+      if (! *pret || ! d_add_substitution (di, ret))
 	return NULL;
       return ret;
     }
@@ -2135,6 +2135,8 @@
   if (pmem == NULL)
     return NULL;
   *pmem = cplus_demangle_type (di);
+  if (*pmem == NULL)
+    return NULL;
 
   if (pmem != &mem && (*pmem)->type != DEMANGLE_COMPONENT_FUNCTION_TYPE)
     {