Arg.. version 1.63 was a misapplied patch, (supposed to be checked into the

3.5 branch). The result is 1.63 backs out 1.62, which is not the intent.
restore 1.62.

security/nss/lib/pki/pki3hack.c

@@ -32,7 +32,7 @@
  */
 
 #ifdef DEBUG
-static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.63 $ $Date: 2002/07/31 18:50:11 $ $Name:  $";
+static const char CVS_ID[] = "@(#) $RCSfile: pki3hack.c,v $ $Revision: 1.64 $ $Date: 2002/07/31 18:55:59 $ $Name:  $";
 #endif /* DEBUG */
 
 /*
@@ -433,18 +433,27 @@ nssDecodedPKIXCertificate_Destroy
 )
 {
     CERTCertificate *cert = (CERTCertificate *)dc->data;
-    PRBool freeSlot = cert->ownSlot;
-    PK11SlotInfo *slot = cert->slot;
-    PRArenaPool *arena  = cert->arena;
-    /* zero cert before freeing. Any stale references to this cert
-     * after this point will probably cause an exception.  */
-    PORT_Memset(cert, 0, sizeof *cert);
-    /* free the arena that contains the cert. */
-    PORT_FreeArena(arena, PR_FALSE);
-    nss_ZFreeIf(dc);
-    if (slot && freeSlot) {
-	PK11_FreeSlot(slot);
+    PRBool freeSlot = PR_FALSE; 
+    PK11SlotInfo *slot = NULL;
+    PRArenaPool *arena;
+
+    /* The decoder may only be half initialized (the case where we find we 
+     * could not decode the certificate). In this case, there is not cert to
+     * free, just free the dc structure. */
+    if (cert) {
+	freeSlot = cert->ownSlot;
+	slot = cert->slot;
+	arena  = cert->arena;
+	/* zero cert before freeing. Any stale references to this cert
+	 * after this point will probably cause an exception.  */
+	PORT_Memset(cert, 0, sizeof *cert);
+	/* free the arena that contains the cert. */
+	PORT_FreeArena(arena, PR_FALSE);
+	if (slot && freeSlot) {
+	    PK11_FreeSlot(slot);
+	}
     }
+    nss_ZFreeIf(dc);
     return PR_SUCCESS;
 }